Студопедия
Случайная страница | ТОМ-1 | ТОМ-2 | ТОМ-3
АрхитектураБиологияГеографияДругоеИностранные языки
ИнформатикаИсторияКультураЛитератураМатематика
МедицинаМеханикаОбразованиеОхрана трудаПедагогика
ПолитикаПравоПрограммированиеПсихологияРелигия
СоциологияСпортСтроительствоФизикаФилософия
ФинансыХимияЭкологияЭкономикаЭлектроника

Risk management

V. Give Russian equivalents | X. Insert the proper words (see the words below) | VIII. Say in one word (see the words below) | I. Repeat the words after the teacher | IX. Insert the proper words (see the words below) | XI. Give English equivalents | XI. Say in one word (see the words below) | X. Give English equivalents | I. Read and translate the information using the vocabulary | VII. Insert the proper words (see the words below) |


Читайте также:
  1. A Bold New Solution for Risk Management
  2. A. Availability Management
  3. Activity-based Demand Management
  4. Automatic memory management
  5. Brand management
  6. Business Service Management
  7. Business; Management personal statement

A comprehensive treatment of the topic of risk management is beyond the scope of this article. However, a useful definition of risk management will be provided as well as some basic terminology and a commonly used process for risk management.

The CISA Review Manual 2006 provides the following definition of risk management: “Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what counter-measures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.”

There are two things in this definition that may need some clarification. First, the process of risk management is an ongoing interactive process. It must be repeated indefinitely. The business environment is constantly changing and new threats and vulnerability emerge every day. Second, the choice of countermeasure (computer)s (controls) used to manage risks must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected.

Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). Vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man-made or act of nature) that has the potential to cause harm.

The likelihood that a threat will use a vulnerability to cause harm creates a risk. When a threat does use a vulnerability to inflict harm, it has an impact. In the context of information security, the impact is a loss of availability, integrity, and confidentiality, and possibly other losses (lost income, loss of life, loss of real property). It should be pointed out that it is not possible to identify all risks, nor is it possible to eliminate all risk. The remaining risk is called residual risk.

A risk assessment is carried out by a team of people who have knowledge of specific areas of the business. Membership of the team may vary over time as different parts of the business are assessed. The assessment may use a subjective qualitative analysis based on informed opinion, or where reliable dollar figures and historical information is available, the analysis may use quantitative analysis.

Vocabulary


authenticity – подлинность

genuine – настоящий, подлинный

validate – удостовериться

party – сторона

involve – вовлекать

claim – заявлять, выдавать

imply – подразумевать

intention – намерение

fulfill – выполнять

obligation – обязательство

deny – отрицать

signature – подпись

establish – устанавливать

risk management – управление риском

comprehensive – всесторонний

treatment – рассмотрение, толкование

beyond – вне

scope – сфера, область

definition – определение

commonly – обычно

Review – обзор, периодический журнал

manual – руководство

identification – идентификация

vulnerability – слабое место

threat – угроза

achieve – достигать

objective – цель

countermeasure – контрмера

if any – если таковые имеются

acceptable – приемлемый, допустимый

value – ценность, оценка

clarification – прояснение, разъяснение

ongoing – непрерывно продолжающийся

indefinitely – неопределённо

environment – окружение, среда

constantly – постоянно

emerge – возникать

choice – выбор

strike – 1.нарушать, ударять, 2.выравнивать

asset – актив

likelihood – вероятность

cause – вызывать

harm – вред

weakness – слабость

endanger – подвергать опасности

inflict – причинить

impact – влияние

income – доход

identify – определять

eliminate – устранять

residual – остаточный

assessment – оценка

carry out – осуществлять

team – команда

membership – членство

vary – различаться

qualitative – качественный

opinion – мнение

reliable – надёжный

quantitative – количественный


CISA – certified information systems auditor


Exercises


Дата добавления: 2015-11-14; просмотров: 42 | Нарушение авторских прав


<== предыдущая страница | следующая страница ==>
Confidentiality| VIII. Insert prepositions

mybiblioteka.su - 2015-2024 год. (0.008 сек.)