------------------------------------------------------------
“Identifying” covers the process of identifying the critical assets and the
threats to them. “Measuring” covers the process of prioritizing the risks based
on the impact of the possible outcome and the probability of that event
(generally rated High/Medium/Low). “Analyzing” risks covers the strategy for
prioritizing risks so that resources are optimally used.
http://www.ciol.com/cgi-bin/printernew.asp?id=99399 04-Dec-07
• The other challenge is that there are so many sources and outcomes of
threats. Ensuring that all threats are thoroughly understood and
identified is a challenging task.
Measurement of Risks
• Who decides what is low or high? A risk that one person rates as high can
be considered medium or low by another. So how do you ensure uniformity
of assessments, so that people do not end up questioning the very
fundamentals of your results?
and Risk Assessment Tool) for their security implementation. SMART follows
the OCTAVE Criteria and is a multi-compliance tool enabling compliance with
ISO 27001, PCI-DSS, GLBA, HIPAA, FIDS, etc.
------------------------------------------------------------
Copyright (c) 2007 CyberMedia India Online Ltd. All rights reserved.
Additional reproduction in whole or in part or in any form or medium without
express written permission of CIOL is prohibited.
Send your questions to webmasterciol@cybermedia.co.in