forced ranking optimization

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Definitions:

Prioritizing risks in the way that will best use available resources to achieve the maximum benefit given specific negative and positive consequences. Various business drivers and risk consequences have differing weights for developing a score, helping to move beyond the simplistic “threat multiplied by vulnerability” approach to build business objectives into that equation. Because these factors and their weights are based on business drivers, the factors should be defined by senior stakeholders but can be applied at all levels of the enterprise, subject to adjustment and refinement. Notably, while forced ranking is often the default method of optimization, the methods above are equally valid and beneficial to the enterprise.
Sources:
NISTIR 8286B

Glossary Comments

Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.

Comments about the glossary's presentation and functionality should be sent to secglossary@nist.gov.

See NISTIR 7298 Rev. 3 for additional details.