Information Security and ItsImpact on Business精品.pptVIP

* This option is to conduct informal pragmatic risk analyses. An informal approach is not based on structure methods, but exploits the knowledge and experience of individuals. 3. Informal Approach: [Advantages] 1. It usually does not require a lot of resources or time. 2. It is performed quicker than a detailed risk analysis. [Disadvantages] 1.Without some sort of formal approach or comprehensive checklists, the likelihood of missing some important details increases. 2. The results may be influenced by subjective views and the prejudices of the reviewer. * A detailed risk analysis for an IT system involves the identification of the related risks, and an assessment of their magnitude. Once a detailed risk analysis review for a system has been completed, the result of the review Asset and their values Threat, vulnerability, and risk levels Safeguards identified should be saved. 3. Detailed Approach: [Advantages] It is likely that appropriate safeguards are identified for all systems The results of the detailed analysis can be used in the management of security changes. [Disadvantages] It requires a considerable amount of time and effort, and expertise, to obtain results. 4. It is not advisable to use detailed risk analysis for all IT systems. * First it is necessary to conduct an initial high level risk analysis to identify which approach (baseline or detailed approach) is appropriate for each IT system. Input for the decision as to which approach is suitable for which IT system can be obtained from consideration of the following: The business values of the IT systems. This means the degree to which the organization’s business depends on the IT system. The level of investment in this system, in terms of developing, maintaining, or replacing the system. The asset’s value of the IT system, for which the organization directly assigns. Combined Approach [Advantages] The option, which is in a sense the combination of the best point of the baseline approach and the detai