Đang chuẩn bị liên kết để tải về tài liệu:
fisma certification and accreditation handbook phần 7

sau đó quá trình ghi danh người sử dụng sẽ ngừng làm việc ngay cả khi các trang web New York vẫn còn hoạt động. Rõ ràng, một trong những cách để giảm thiểu nguy cơ này sẽ được di chuyển các chức năng của quá trình ghi danh người sử dụng hoàn toàn các trang web New York. | 282 Chapter 17 Performing a System Risk Assessment Federal Emergency Management Agency www.fema.gov index.shtm Hazards Research Lab at University of South Carolina http go2.cla.sc.edu hazard db_registration Natural Disaster Hotspots A Global Risk Analysis http sedac.ciesin.columbia.edu hazards hotspots synthesisreport.pdf Natural Disaster Reference Database http ndrd.gsfc.nasa.gov National Geophysical Data Center Natural Hazards Data www.ngdc.noaa.gov seg hazard hazards.shtml Natural Hazards Center All Hazards www.colorado.edu hazards resources web all.html indices National Oceanic and Atmospheric Administration Central Library www.lib.noaa.gov Qualitative Risk Assessment When you use relative concepts to determine risk exposure you are using qualitative risk analysis. Relative classification systems compare one component to another allowing you to rank a classification as high medium or low. It s useful to rank risk exposures caused by vulnerabilities so you can more easily make decisions on what to do about them. You can use the same qualitative risk exposure matrix listed in Table 14.4. A more simplified version of that table is shown in Table 17.1. Once you have established what the vulnerabilities are you need to determine their likelihood of being exploited and the severity of the loss.You determine the risk exposure by multiplying the severity of the loss by the likelihood. As a reminder Risk Exposure Likelihood x Impact R E P L x S L P L Probability of loss likelihood S L Severity of loss impact www.syngress.com Performing a System Risk Assessment Chapter 17 283 Table 17.1 Qualitative Risk Exposure Determination Table Impact Values S L Likelihood P L Low Medium High High Low Medium High Medium Low Medium Medium Low Low Low Low Table 17.1 is very similar to Table 3.6 in the NIST Special Publication 80030 Risk Management Guide for Information Technology Systems July 2002. Quantitative Risk Assessment Quantitative risk assessment associates loss with a .