The quest for weak links in information security
Source: CSO Online - Posted by Anthony Pell   
A widely accepted definition of information security risk is the potential of a specific threat exploiting the vulnerabilities of an information asset, with the following formula used to represent information security risks: Risk = Likelihood x Impact. The potential impact on information, processes and people is typically estimated during a business impact analysis as part of corporate business continuity planning. However, estimating the likelihood of information security risks is often guesswork resulting from combined vulnerability assessments and threat assessments. While assessing the likelihood of risks, many IT security teams will categorise risk using the traffic light system for high, medium or low levels.

Read this full article at CSO Online
