2. Threat identification and distribution: analyze the frequency of each threat faced by the assets, covering both environmental and human factors.
3. Vulnerability identification and valuation: identify vulnerabilities from both the management and the technical side, and assign each a value according to the damage threats could cause through it.
4. Calculation of the risk value: from the assessment data gathered above, calculate the risk value, identify and confirm the high risks, and put forward remediation recommendations for the security risks found.
5. Based on the assessment results, the assessed organization can prevent and resolve information security risks, or control them at an acceptable level, which provides a sound basis for ensuring network and information security to the greatest extent possible.
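As an added worked example of step 4 (not from the original page), the Python below combines the three identified factors into a risk value, maps it to a level, and ranks the findings that exceed an acceptable level; the 1..5 rating scales, the multiplicative formula, the cut points and the sample findings are all assumptions.

```python
"""Risk-value calculation for the steps above (added example; assumptions:
factors rated 1..5, risk = asset * threat frequency * vulnerability severity,
cut points and acceptable level chosen by the assessor, none from the page).
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str
    threat: str                  # environmental or human factor
    asset_value: int             # 1..5, worth of the asset
    threat_frequency: int        # 1..5, how often the threat occurs
    vulnerability_severity: int  # 1..5, damage if the threat gets through

LEVELS = [(1, "low"), (20, "medium"), (60, "high")]  # assumed cut points

def _rating(score: int, name: str) -> int:
    if not 1 <= score <= 5:
        raise ValueError(f"{name} must be 1..5, got {score}")
    return score

def risk_value(f: Finding) -> int:
    """Combine the three identified factors into a single risk value."""
    return (_rating(f.asset_value, "asset_value")
            * _rating(f.threat_frequency, "threat_frequency")
            * _rating(f.vulnerability_severity, "vulnerability_severity"))

def risk_level(value: int) -> str:
    # Highest level whose cut point the value reaches.
    return [name for cut, name in LEVELS if value >= cut][-1]

def prioritize(findings, acceptable_level="low"):
    """Findings above the acceptable level, highest risk first."""
    order = [name for _, name in LEVELS]
    above = [f for f in findings
             if order.index(risk_level(risk_value(f))) > order.index(acceptable_level)]
    return sorted(above, key=risk_value, reverse=True)

# Constructed sample findings, not real assessment data.
SAMPLE = [
    Finding("customer database", "credential theft by an insider", 5, 3, 4),
    Finding("customer database", "flooding of the server room", 5, 1, 2),
    Finding("public website", "defacement via an outdated CMS", 2, 4, 3),
    Finding("test VM", "power outage", 1, 2, 1),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        v = risk_value(f)
        print(f"{v:>3} {risk_level(v):<6} {f.asset}: {f.threat}")
```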
Additional information
The scope of a risk assessment can be the whole organization, a single department within it, an independent information system, or specific system components and services.
Factors that affect how the assessment is carried out, such as its timing, intensity, scope and depth, should match the organization's environment and security requirements. Organizations should choose an assessment method suited to their situation; the methods commonly used in practice are baseline assessment, detailed assessment and portfolio (combined) assessment.
The main tasks of a risk assessment are: identifying the risks the assessed object faces; assessing their probability and possible negative impact; determining the organization's capacity to bear risk; determining the priority for risk reduction and control; and recommending countermeasures to reduce the risks.