{"title":"IA risk assessment process","authors":"K. Montry, R. Kelley","doi":"10.1109/IAW.2005.1495991","DOIUrl":null,"url":null,"abstract":"When considering the information assurance (IA) requirement against a particular program, one must consider the actual risk that needs to be mitigated by any proposed solution. Understanding the actual risk and applying only those solutions deemed necessary will provide a best value approach to the customer. This paper defines one method to gain an understanding of IA risk by exploring the threats applicable to the system, the paths down which those threats can act and the effects of that action on the system given the environment in which the system currently exists. Considering all of those factors will allow a relative risk to be assigned for each applicable intersection.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"189 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"IA risk assessment process\",\"authors\":\"K. Montry, R. Kelley\",\"doi\":\"10.1109/IAW.2005.1495991\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"When considering the information assurance (IA) requirement against a particular program, one must consider the actual risk that needs to be mitigated by any proposed solution. Understanding the actual risk and applying only those solutions deemed necessary will provide a best value approach to the customer. This paper defines one method to gain an understanding of IA risk by exploring the threats applicable to the system, the paths down which those threats can act and the effects of that action on the system given the environment in which the system currently exists. 
Considering all of those factors will allow a relative risk to be assigned for each applicable intersection.\",\"PeriodicalId\":252208,\"journal\":{\"name\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"volume\":\"189 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2005.1495991\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495991","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
When considering the information assurance (IA) requirement against a particular program, one must consider the actual risk that needs to be mitigated by any proposed solution. Understanding the actual risk and applying only those solutions deemed necessary will provide a best value approach to the customer. This paper defines one method to gain an understanding of IA risk by exploring the threats applicable to the system, the paths down which those threats can act and the effects of that action on the system given the environment in which the system currently exists. Considering all of those factors will allow a relative risk to be assigned for each applicable intersection.