In Internet business, risk can be measured by the loss in the number of new customers who cannot be served, new items that need to be sold, and products that must be produced when a threat event occurs. Clearly, if every risk could be converted into money, measurement would become easy. In practice, however, not every risk can be handled that way.

Risk Analysis & Management
Võ Viết Minh Nhật
Faculty of Information Technology, University of Sciences

Outline
- Introduction
- Definition of risk
- Vulnerability
- Threat
- Identifying risk for an organization
- Measuring risk

Introduction

Security is about managing risk. Without an understanding of the security risks to an organization's information assets, too many or too few resources might be used, or they might be used in the wrong way. Risk management also provides a basis for valuing information assets.
By identifying risk, you learn the value of particular types of information and the value of the systems that contain that information.

What is risk?

Risk is the underlying concept that forms the basis for what we call "security." Risk is the potential for loss that requires protection. If there is no risk, there is no need for security. And yet risk is a concept that is barely understood by many who work in the security industry.

Example from the insurance industry:
- How much is the car repair likely to cost?
- How likely is it that the person will be in an accident?

Two components of risk:
- The money needed for the repair => vulnerability
- The likelihood of the person getting into an accident => threat

Relationship between vulnerability and threat

Vulnerability

A vulnerability is a potential avenue of attack. Vulnerabilities may exist in computer systems and networks, leaving the system open to a technical attack, or in administrative procedures, leaving the environment open to a non-technical or social engineering attack.

A vulnerability is characterized by the difficulty and the level of technical skill required to exploit it. For instance, a vulnerability that is easy to exploit (due to the existence of a script to perform the attack) and that allows the attacker to gain complete control over a system is a high-value vulnerability. On the other hand, a vulnerability that would require the attacker to invest significant resources for .