Confidence Confident
Asset Attributes:
Software Version
Physical Location
Logical Location
D. Asset Categorization
The risk management categorizations introduce several new
subdivisions:
Internal
Internal information is to be viewed only by corporate
employees, authorized contractors, and other third parties.
External
All information that has been approved by management for
public release.
Top Secret
Secret
Confidential.
KEY TERMS
Attack Success Probability - The number of successful
attacks that are expected to occur within a specified
time period.
4. Calculating Risk
Risk is the probability of a successful attack on the
organization
(Loss Frequency = Likelihood ∗ Attack Success Probability)
multiplied by the expected loss from a successful attack
(Loss Magnitude = Asset Value ∗ Probable Loss).
2. Comparing Risks
3. Taking Action
Given scenario:
The company implements a firewall to protect the company's
computer network from cyberattacks.
BASELINING
Establishing a reference point or baseline against which to
measure various security metrics.