Risk Analysis: Identification Of Vulnerabilities
Identifying the mechanism that deal with the recognized risks and measure their strength. Based on this assessment, considering the risks in terms of possibility and significance, and the present risk level.
Risk analysis is the procedure of defining and analyzing the threats to personals, organization and government agencies posed by potential natural or human-caused adverse events. A risk analysis aids to integrate security program with the company 's goals and requirements. It also helps the company to assign a suitable budget for an effective security program and its components. After a company recognizes the significance of assets and the likely threats to be exposed, it can make good decisions on the amount of effort and money to spend.
Risk analysis that is a one of the important tool for managing the risk, is used for identifying possible …show more content…
The goal of this step is to identify a list of system weakness, by using security test of system, audit comments and security requirements that could be exploited. These weaknesses generate the threat/vulnerability pair.
For every threat/vulnerability pairs, identify all the possible existing and planned controls to decrease the risk of the threat to exploit vulnerability. Security controls involve the use of technical and non-technical approaches. Technical controls are protection that are combined with computer hardware, software, and firmware. In the other hand Non-technical controls are administrative and operational controls, for instance operation procedure, security policies and environmental security.
Likelihood specifies the chance that a possible vulnerability may be exercised within the construct of associated threat environment, which may be very likely, probable, and improbable.