1. Asset identification and Value Assignment
2. Quantitative/Qualitative Risk Analysis and assessment
3. Countermeasure selection and implementation
Asset identification and Value Assignment
Delphi technique: a group is assembled and each member anonymously assigns a value to each risk; the anonymous responses are collected and fed back over several rounds until the group converges on a consensus value, which avoids one loud participant dominating the estimate.
Quantitative Risk Analysis
AV asset value
EF exposure factor (fraction of the asset value lost in a single occurrence)
SLE single loss expectancy
ARO annualized rate of occurrence
ALE annualized loss expectancy
total risk -> the risk the organization is exposed to if it does not implement the safeguards
residual risk -> the risk that remains after the safeguards are applied (risk is never reduced to 0)
AV * EF = SLE
SLE * ARO = ALE
EF is expressed as a decimal between 0 and 1 (two decimal places). ARO is a rate of events per year, not a coefficient: it may be below 1 (0.10 for once every ten years) or above 1 (12 for an event expected monthly).
Qualitative Risk Analysis
Risks are ranked on an ordinal scale instead of in monetary terms; some levels may be defined, like: not dangerous, dangerous, very dangerous.
Handling Risks
There are 4 options for each risk:
transfer the risk (ex. insurance, outsourcing)
reduce the risk (ex. countermeasures)
reject the risk (ex. ignoring the risk; not a legitimate response, since the risk remains and nobody is accountable for it)
accept the risk (ex. when the annual cost of the countermeasures outweighs the ALE they would prevent; acceptance should be a documented management decision)
Countermeasure costs (all of these feed into the annual cost of the safeguard used in the cost/benefit comparison against the ALE):
Product cost
Design/planning cost
Implementation cost
Environment modifications
Compatibility with other countermeasures
Maintenance requirements
Testing requirements
Repair, replace, or update costs
Operating and support costs
Effects on productivity
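A worked example of the quantitative formulas above (AV, EF, SLE, ARO, ALE) carried through to the safeguard cost/benefit decision: ALE before the control, minus ALE after the control, minus the annual cost of the control. This is an added example, not code from the original notes; every asset value, exposure factor, occurrence rate and safeguard cost in it is a constructed figure chosen to illustrate the arithmetic, not data from a real assessment.

```python
"""Quantitative risk analysis: SLE, ALE, residual risk and safeguard cost/benefit.

Added example. All figures are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass
class Asset:
    name: str
    av: float  # asset value in currency units


@dataclass
class Threat:
    name: str
    ef: float   # exposure factor: fraction of AV lost per occurrence, 0.0 - 1.0
    aro: float  # annualized rate of occurrence: events per year, may exceed 1


@dataclass
class Safeguard:
    name: str
    annual_cost: float  # product + implementation + maintenance + support ... per year
    ef_after: float     # exposure factor once the control is in place
    aro_after: float    # occurrence rate once the control is in place


def single_loss_expectancy(av: float, ef: float) -> float:
    """SLE = AV * EF. EF is a fraction, so anything outside [0, 1] is a data error."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError(f"exposure factor must be in [0, 1], got {ef}")
    return av * ef


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE * ARO. ARO is a rate: it only has to be non-negative."""
    if aro < 0:
        raise ValueError(f"ARO must be non-negative, got {aro}")
    return sle * aro


def total_risk(asset: Asset, threat: Threat) -> float:
    """ALE with no safeguard in place."""
    return annualized_loss_expectancy(single_loss_expectancy(asset.av, threat.ef), threat.aro)


def residual_risk(asset: Asset, sg: Safeguard) -> float:
    """ALE that remains after the safeguard is applied (never assumed to be 0)."""
    return annualized_loss_expectancy(single_loss_expectancy(asset.av, sg.ef_after), sg.aro_after)


def safeguard_value(asset: Asset, threat: Threat, sg: Safeguard) -> float:
    """(ALE before) - (ALE after) - (annual cost of safeguard).

    Positive: the control prevents more loss than it costs.
    Negative: the cost outweighs the loss prevented, which argues for accepting the risk.
    """
    return total_risk(asset, threat) - residual_risk(asset, sg) - sg.annual_cost


def recommend(asset: Asset, threat: Threat, safeguards: Sequence[Safeguard]) -> Tuple[str, Optional[str]]:
    """Pick the safeguard with the largest positive value, or accept the risk if none pays off."""
    best = max(safeguards, key=lambda sg: safeguard_value(asset, threat, sg), default=None)
    if best is None or safeguard_value(asset, threat, best) <= 0:
        return ("accept", None)
    return ("reduce", best.name)


# Constructed scenario: a file server exposed to ransomware, two candidate controls.
FILE_SERVER = Asset("file server", av=200_000)
RANSOMWARE = Threat("ransomware", ef=0.60, aro=0.5)  # 60% of value lost, once every two years
CONTROLS = [
    Safeguard("offline backups", annual_cost=15_000, ef_after=0.10, aro_after=0.5),
    Safeguard("endpoint detection", annual_cost=40_000, ef_after=0.60, aro_after=0.2),
]

if __name__ == "__main__":
    print("total risk (ALE):", total_risk(FILE_SERVER, RANSOMWARE))
    for sg in CONTROLS:
        print(f"{sg.name}: residual ALE={residual_risk(FILE_SERVER, sg):.0f}"
              f" value={safeguard_value(FILE_SERVER, RANSOMWARE, sg):.0f}")
    print("decision:", recommend(FILE_SERVER, RANSOMWARE, CONTROLS))
```

In the constructed scenario SLE is 200,000 * 0.60 = 120,000 and ALE is 120,000 * 0.5 = 60,000. Offline backups cut the residual ALE to 10,000 for 15,000 a year, a net value of 35,000; the detection product costs 40,000 to prevent 36,000 of loss, so its value is negative and, on its own, the risk would be accepted rather than reduced with it. Note that the accept/reduce decision compares the safeguard's annual cost with the ALE it removes, not with the raw asset value.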