-
In 2008, when the International Organization for Standardization (ISO) risk management working group was drafting the relevant standard, the definition of "risk" put forward by the Chinese expert group was: risk is the "effect of uncertainty on objectives". Accordingly, information security risk is a human-caused or natural threat that exploits vulnerabilities in information systems and their management systems, leading to security incidents and their impact on the organization.
Risk and security are therefore two opposing sides of one whole; in the information age in particular, there is never absolute security or zero risk. What can be done is first to assess the likely impact of a risk, then to take measures to avoid, transfer or reduce it, and finally to keep it within an acceptable range. This is the essence of risk assessment.
So how do you keep risk within a tolerable range? The following concepts also need to be understood.
Determined according to the consequences of the perpetrator's actions!
-
It's quantifiable, depending on how the two sides deal with it.
-
Specific problems call for specific analysis; how could a one-size-fits-all approach apply? It depends on what kind of behavior it is.
-
Quantitative criteria can have several dimensions:
Dimensions of the learning process itself, such as learning duration, number of learning sessions, practice scores on the corresponding learning content, and scores on the tests issued daily.
Dimensions of actual simulation: test results such as those of simulated phishing emails and the number of times ransomware has struck; and other measured losses: whether the company has had employees punished or sentenced, measurable economic losses, and the duration of interruptions to the company's operations.
Guan Tianxia is committed to information security awareness education for enterprise employees and society as a whole, providing information security awareness training solutions, effectiveness evaluation, and so on.
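The two answers above describe the same loop from different ends: one says risk must be assessed, treated, and held within an acceptable range; the other lists the measurements (simulated phishing results, training scores, losses) that feed that assessment. The script below is an added example, not code from the original page or from Guan Tianxia, that joins the two: it turns constructed simulated-phishing outcomes into a per-department click rate, maps that rate to a likelihood band, multiplies by an assumed business-impact rating, and checks the result against an assumed tolerance. The sample events, the impact ratings, the likelihood thresholds and the tolerance value are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample of simulated-phishing outcomes (not real data).
# Each record is (employee_id, department, action). "submitted_credentials"
# implies the link was also clicked, so it counts as a click as well.
PHISHING_EVENTS = [
    ("e001", "finance", "clicked"),
    ("e002", "finance", "submitted_credentials"),
    ("e003", "finance", "reported"),
    ("e004", "finance", "ignored"),
    ("e005", "engineering", "reported"),
    ("e006", "engineering", "reported"),
    ("e007", "engineering", "ignored"),
    ("e008", "engineering", "clicked"),
    ("e009", "hr", "submitted_credentials"),
    ("e010", "hr", "clicked"),
    ("e011", "hr", "clicked"),
    ("e012", "hr", "ignored"),
]

# Assumed impact rating (1-5) of a successful phish per department; for
# example, finance staff can authorise payments, so a compromise there
# costs the most. These numbers are illustrative.
IMPACT_BY_DEPT = {"finance": 5, "engineering": 4, "hr": 3}

# Assumed risk tolerance on the 1-25 (likelihood x impact) scale.
RISK_TOLERANCE = 12


def phishing_metrics(events):
    """Per-department counts and rates from simulated-phishing results."""
    counts = defaultdict(
        lambda: {"sent": 0, "clicked": 0, "submitted": 0, "reported": 0}
    )
    for _employee, dept, action in events:
        c = counts[dept]
        c["sent"] += 1
        if action in ("clicked", "submitted_credentials"):
            c["clicked"] += 1
        if action == "submitted_credentials":
            c["submitted"] += 1
        if action == "reported":
            c["reported"] += 1
    for c in counts.values():
        c["click_rate"] = c["clicked"] / c["sent"]
        c["report_rate"] = c["reported"] / c["sent"]
    return dict(counts)


def likelihood_rating(click_rate):
    """Map an observed click rate onto a 1-5 likelihood band.

    The band boundaries are an assumption for this example; an organisation
    would calibrate them against its own history of real incidents.
    """
    for upper, rating in ((0.05, 1), (0.15, 2), (0.30, 3), (0.50, 4)):
        if click_rate < upper:
            return rating
    return 5


def assess(events, impact_by_dept, tolerance):
    """Combine measured likelihood with assumed impact and test tolerance.

    Returns one row per department, sorted by department name. Choosing a
    treatment (avoid, transfer, reduce) is a management decision; the
    metrics only show whether the residual risk is still acceptable.
    """
    rows = []
    for dept, m in sorted(phishing_metrics(events).items()):
        likelihood = likelihood_rating(m["click_rate"])
        impact = impact_by_dept[dept]
        risk = likelihood * impact
        rows.append({
            "department": dept,
            "click_rate": m["click_rate"],
            "report_rate": m["report_rate"],
            "likelihood": likelihood,
            "impact": impact,
            "risk": risk,
            "status": "within tolerance" if risk <= tolerance
                      else "exceeds tolerance",
        })
    return rows


if __name__ == "__main__":
    for row in assess(PHISHING_EVENTS, IMPACT_BY_DEPT, RISK_TOLERANCE):
        print(f"{row['department']:<12} click={row['click_rate']:.2f} "
              f"report={row['report_rate']:.2f} L={row['likelihood']} "
              f"I={row['impact']} risk={row['risk']:>2} {row['status']}")
```

The report rate is carried alongside the click rate because it is the one positive signal a phishing simulation gives: a department whose staff report the lure quickly shortens the window in which a real campaign can spread, even if its click rate is not yet low. With the constructed data, engineering (click rate 0.25, impact 4, risk 12) sits at the tolerance line, while finance and HR exceed it and would be the first candidates for the reduction measures the answer lists.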
No, it's a judgment of an act.
If you keep ordinary domesticated pets, it is a kind of kindness, because you take responsibility for their lives; but if you keep animals that have not been domesticated, it is actually quite selfish.