Wednesday, October 20, 2010

The place of vulnerability and threat in an information security risk assessment

A risk assessment is the key to organising an Information Security Management System (ISMS). The central elements of a risk assessment are assets, vulnerabilities, threats, impact, probability and risk. The following definitions clarify the place of vulnerability and threat in a risk assessment:


  • An information asset can be any piece of information which has value to an organization. Assets may take any form, not necessarily electronic. An internal paper telephone directory, an audio recording of a presentation, or even a brilliant idea in someone's mind may be an asset! Each asset shall be entered in an asset register and assigned at least an approximate value.

  • A vulnerability is a weakness in an asset which leaves it open to potential damage from an undesirable event. Vulnerabilities could include elements such as loss of the hard disk it is stored on (for electronic data), or flammability (for paper documents).

  • A threat is a potential adverse event which may exploit a vulnerability to damage or destroy an information asset. Threats can be very varied, from the catastrophic (e.g. a direct meteor strike, bankruptcy of the business's bank) to the much smaller in scale (e.g. an e-mail server crash, a lock failure); the latter type is the most likely.

  • Impact is the effect that a threat has on the organization; it may or may not be related to the severity of the threat. For example, the staff coffee machine may face a serious threat if its electrical circuit develops a fault. However, given that this has no effect on the company, the impact is considered low.

  • Probability is the likelihood that a threat will materialise. Probabilities can vary greatly, from extremely small (e.g. a meteor strike) to very high (e.g. a server crash).

  • A risk is the confluence of all the above items. Risks are catalogued in a risk register and are assigned priorities according to a risk matrix. This forms the output of the risk assessment.


The concepts of vulnerability and threat can be considered complementary in a risk assessment. An asset which has no vulnerabilities carries no risk, however serious the threats that apply to it. Conversely, an asset that is not exposed to any threat will not be subject to any risk, however many vulnerabilities it has. Unfortunately, neither of these two situations is likely to be found in real life.
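The sketch below is an added example, not part of the original article. It builds a risk register in which a risk exists only where a threat meets a vulnerability of a registered asset, then ranks the entries with a risk matrix. The three-level scale, the 3x3 matrix, the use of asset value as impact, and all sample data are assumptions made for illustration.

```python
from typing import NamedTuple

# Assumed three-level scale and 3x3 matrix (the article defines neither).
LEVELS = {"low": 0, "medium": 1, "high": 2}
MATRIX = [                      # rows: probability, columns: impact
    ["low",    "low",    "medium"],
    ["low",    "medium", "high"],
    ["medium", "high",   "high"],
]

class Vulnerability(NamedTuple):
    asset: str
    weakness: str

class Threat(NamedTuple):
    name: str
    exploits: str       # the weakness this threat can act on
    probability: str

def build_register(assets, vulnerabilities, threats):
    """Return risk entries, highest priority first.

    A risk exists only where a threat meets a vulnerability of a registered
    asset. Impact is taken from the asset's value (an assumption).
    """
    register = []
    for vuln in vulnerabilities:
        if vuln.asset not in assets:
            raise ValueError(f"{vuln.asset!r} is not in the asset register")
        for threat in threats:
            if threat.exploits != vuln.weakness:
                continue
            impact = assets[vuln.asset]
            priority = MATRIX[LEVELS[threat.probability]][LEVELS[impact]]
            register.append({"asset": vuln.asset, "vulnerability": vuln.weakness,
                             "threat": threat.name, "probability": threat.probability,
                             "impact": impact, "priority": priority})
    register.sort(key=lambda r: LEVELS[r["priority"]], reverse=True)
    return register

# Constructed sample data, loosely following the article's examples.
ASSETS = {"customer database": "high", "paper phone directory": "low",
          "coffee machine": "low", "brilliant idea": "high"}
VULNERABILITIES = [Vulnerability("paper phone directory", "flammable"),
                   Vulnerability("coffee machine", "faulty circuit"),
                   Vulnerability("customer database", "single hard disk"),
                   Vulnerability("customer database", "unlocked room")]
THREATS = [Threat("office fire", "flammable", "low"),
           Threat("electrical fault", "faulty circuit", "medium"),
           Threat("disk failure", "single hard disk", "high"),
           Threat("meteor strike", "unprotected building", "low")]
```

In the sample data, the "brilliant idea" asset has no recorded vulnerability, the "unlocked room" weakness has no matching threat, and the meteor strike has no matching vulnerability, so none of them produces a register entry.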


The roles of vulnerability and threat in a risk assessment are essential to the exercise. When dealing with information security risks, it may not be immediately obvious what the vulnerabilities and threats actually are, since information is a less tangible type of asset than, for example, industrial equipment. However, it is important to estimate them accurately, because the outcome of the risk assessment determines the entire Information Security Management System (ISMS). Thus asset, vulnerability and threat are essential concepts for executing any form of risk assessment.
