Date Published: August 1, 1979
Author(s)
National Bureau of Standards
This document presents a technique for conducting a risk analysis of an ADP facility and related assets. Risk analysis produces annual loss exposure values based on estimated costs and potential losses. The annual loss exposure values are fundamental to the cost effective selection of safeguards for the security of the facility. An ADP facility of a hypothetical government agency is used for an example. The characteristics and attributes of a computer system which must be known in order to perform a risk analysis are described and an example is given of the process of analyzing some of the assets, showing how the risk analysis can be handled
This document presents a technique for conducting a risk analysis of an ADP facility and related assets. Risk analysis produces annual loss exposure values based on estimated costs and potential losses. The annual loss exposure values are fundamental to the cost effective selection of safeguards for...
See full abstract
This document presents a technique for conducting a risk analysis of an ADP facility and related assets. Risk analysis produces annual loss exposure values based on estimated costs and potential losses. The annual loss exposure values are fundamental to the cost effective selection of safeguards for the security of the facility. An ADP facility of a hypothetical government agency is used for an example. The characteristics and attributes of a computer system which must be known in order to perform a risk analysis are described and an example is given of the process of analyzing some of the assets, showing how the risk analysis can be handled
Hide full abstract
Keywords
ADP availability; annual loss exposure; application system vulnerability; computer security; data confidentiality; data integrity; data security; physical security; procedural security; risk analysis; risk assessment; systems security
Control Families
None selected
