The Oxford Dictionary defines a risk as a situation involving exposure to danger. In business, an occurrence is said to be risky if it has the probability of an adverse outcome. Other words typically used in association with risk are hazard and threat.
In most cases, where mitigation controls are not implemented, a risk could result in the loss of financial or material assets, or more critically, it could lead to loss of life. Organisations therefore need a technique to assist in the identification and classification of risks; hence the relevance of risk analysis.
Risk analysis assists in defining preventive measures to reduce the probability of identified threats occurring. Information Technology (IT) managers are able to add value to organisations by using the principles of risk analysis to ensure that businesses continue to exist in the face of a risk.
The risk analysis process involves three processes: hazard identification, risk assessment and risk evaluation. Hazard identification is the process of identifying undesired or adverse events that lead to the materialisation of a hazard. Risk assessment is the process of determining the size and magnitude of a risk. Finally, risk evaluation is the process of assessing the risk in terms of its significance, gravity, or seriousness. Mathematically, the risk equation can be expressed as:
Risk = (Impact * Likelihood) or
Risk = (Probability * Likelihood)
Impact measures the level of loss to the organisation, which can be either financial or operational. Likelihood measures the probability of feeling the impact.
Risk Assessment Methodology
Risk assessment is the systematic evaluation of the likelihood of an adverse effect arising from exposure in a defined population. The focus for IT security managers is risk assessment that is geared towards meeting the confidentiality, integrity and availability requirements of information resources.
Risk Analysis Techniques
Risk analysis techniques can be broken down into two broad methods: Qualitative Risk Analysis and Quantitative Risk Analysis. Regardless of the technique selected by an IT security manager, the organisation's process assets (i.e. how risks were handled in the past), the scope of the project in question, and the plans that have been put in place to manage risks have to be clearly understood and defined.
Qualitative Risk Analysis
Qualitative risk analysis involves the use of relative concepts to determine risk exposure; thereafter, a relative classification system is employed in which risks are classified as high, medium or low. Qualitative risk analysis allows IT managers to perform systematic examinations of threats and risks to the organisation. It also provides the opportunity to review proposed countermeasures and safeguards to determine the best cost-benefit implementation.
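The qualitative approach described above, applied to a small risk register, as an added example that is not part of the original essay: it scores each risk with Risk = Impact * Likelihood and bands the result as high, medium or low. The 1 to 3 ordinal scale, the cut-offs, the rule that overall impact is the worst of the confidentiality, integrity and availability ratings, and the sample register are all assumptions of this example.

```python
from dataclasses import dataclass

# Assumed ordinal scale; the page only names the bands high, medium and low.
SCALE = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str
    confidentiality: str  # impact rating per CIA property
    integrity: str
    availability: str


def level(rating: str) -> int:
    """Convert a rating to its ordinal value, rejecting unknown labels."""
    if rating not in SCALE:
        raise ValueError(f"unknown rating: {rating!r}")
    return SCALE[rating]


def impact(risk: Risk) -> int:
    """Overall impact = worst of the three CIA ratings (assumed rule)."""
    return max(level(r) for r in
               (risk.confidentiality, risk.integrity, risk.availability))


def score(risk: Risk) -> int:
    """Risk = Impact * Likelihood, as in the page's first equation."""
    return impact(risk) * level(risk.likelihood)


def classify(value: int) -> str:
    """Band a score in 1..9; the cut-offs 3 and 6 are assumed."""
    return "high" if value >= 6 else "medium" if value >= 3 else "low"


def rank(register: list[Risk]) -> list[tuple[str, int, str]]:
    """(name, score, band) rows, highest score first, ties broken by name."""
    rows = [(r.name, score(r), classify(score(r))) for r in register]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


# Constructed sample register, for illustration only.
REGISTER = [
    Risk("Customer database breach", "medium", "high", "medium", "low"),
    Risk("Data centre power loss", "low", "low", "low", "high"),
    Risk("Payroll record tampering", "medium", "low", "medium", "low"),
    Risk("Website defacement", "medium", "low", "low", "low"),
]
```

Calling `rank(REGISTER)` returns the register ordered for treatment, so a high-impact but unlikely event (the power loss) lands below a moderate but more likely one.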
Using this technique requires IT managers to develop a scope plan, assemble a quality team, identify threats