| (I) A process that systematically identifies valuable system
resources and threats to those resources, quantifies loss
exposures (i.e., loss potential) based on estimated frequencies
and costs of occurrence, and (optionally) recommends how to
allocate resources to countermeasures so as to minimize total
exposure.
(C) The analysis lists risks in order of cost and criticality,
thereby determining where countermeasures should be applied first.
It is usually financially and technically infeasible to counteract
all aspects of risk, and so some residual risk will remain, even
after all available countermeasures have been deployed. [FP031,
R2196]
|
