0 like 0 dislike
9 views
There is, for example, two types of solutions which allow you to exchange information.
For these solutions it seems to me that there are the following risks when storing information:
• modification of the information
• lock information
• deletion of information etc.

I think that the risks that I have identified may be incorrect, due to my ignorance. Consequently, I would like to more fully have an understanding of the risks associated with the storage of information: to see some examples of how they are determined. To looking at them to understand how they generally define what logic to follow and thus to consider not only what occurred, and more.

Where can I see the examples of how to determine the risks associated with the storage of information?
| 9 views

0 like 0 dislike
Here is all You need.
by
0 like 0 dislike
Write the essence that does not work you ?
by
0 like 0 dislike
I'd like to note that the evaluation of information security Risk need to enter the "Information Security Program" of your company. As in the section "information security Policy" laid the basic rules and values and the role that then you're going to operate in the "Risk Assessment". If not, then the risk must be assessed from the calculation of a certain Optimistic or pessimistic scenario.

Approximate method of calculation of Risk in information system:

1. To calculate the value / importance of all Values (Assets) in your information system. To determine the importance of values in order.

2. To determine all possible threats and attack scenarios. Insiders, Viruses, Competitors, equipment Failure, etc.

3. To calculate a numerical Risk to each Value in the case of each Threat. the numbers on formulas ALE, MTD, ARO, SLE
ALE = SLE * ARO
(see my ranije posts for example)
MTD - how long your business will last when ischeznovenie Value of XX ??
ALE - what is the damage in monetary terms , on average, in a year you will cause a threat XX?
(there are a number of threats which occur naturally once a year, every two years etc.)

4. Thus to assess the most significant Threats.

5. To assess what can be done to minimize the effects of threats on Sammie important Values. This means What kind of protection should additionally buy\\install\\train\\test\\build.
Perhaps some of the solutions will be built-in protection he some proh. At this stage you will receive the cost in money to cover the remaining protection.
And maybe you'll find out that you have some expenses which do not depend on the type of Solution. for example you still need to train employees not to transfer the password in the mail:)

Further, doing such analysis for the First solution and Second solution, and comparing monetary values.
by

0 like 0 dislike