HOME

TheInfoList



Click Here for Items Related To - Risk Factor (computing)
OR:
Risk Factor (computing) on:   [Wikipedia]   [Google]   [Amazon]

In
information security Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data ...
, risk factor is a collective name for circumstances affecting the
likelihood A likelihood function (often simply called the likelihood) measures how well a statistical model explains observed data by calculating the probability of seeing that data under different parameter values of the model. It is constructed from the j ...
or impact of a security risk.


Definitions


FAIR

Factor Analysis of Information Risk Factor analysis of information risk (FAIR) is a taxonomy of the factors that contribute to risk and how they affect each other. It is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events ...
(FAIR) is devoted to the analysis of different factors influencing
IT risk It or IT may refer to: * It (pronoun), in English * Information technology Arts and media Film and television * ''It'' (1927 film), a film starring Clara Bow * '' It! The Terror from Beyond Space'', a 1958 science fiction film * ''It!'' (1967 ...
. It decompose at various levels, starting from the first level Loss Event Frequency and Probable Loss Magnitude, going on examining the
asset In financial accounting, an asset is any resource owned or controlled by a business or an economic entity. It is anything (tangible or intangible) that can be used to produce positive economic value. Assets represent value of ownership that can b ...
, the
threat A threat is a communication of intent to inflict harm or loss on another person. Intimidation is a tactic used between conflicting parties to make the other timid or psychologically insecure for coercion or control. The act of intimidation f ...
agent capability compared to the
vulnerability (computing) Vulnerabilities are flaws or weaknesses in a system's design, implementation, or management that can be exploited by a malicious actor to compromise its security. Despite a system administrator's best efforts to achieve complete correctness, vi ...
and the security control (also called
countermeasure A countermeasure is a measure or action taken to counter or offset another one. As a general concept, it implies precision and is any technological or tactical solution or system designed to prevent an undesirable outcome in the process. The fi ...
) strength, the probability that the agent get in contact and actually act against the asset, the organization capability to react to the event and the impact on stakeholders.


ISACA

Risk factors are those factors that influence the frequency and/or business impact of risk scenarios; they can be of different natures, and can be classified in two major categories:ISACA THE RISK IT FRAMEWORK (registration required)
/ref> * Environmental, further subdivided in: ** Internal environmental factors are, to a large extent, under the control of the enterprise, although they may not always be easy to change. ** External environmental factors are, to a large extent, outside the control of the enterprise. * Capability of the organization, further subdivided in: **
IT risk management IT risk management is the application of risk management methods to information technology in order to manage IT risk. Various methodologies exist to manage IT risks, each involving specific processes and steps. An IT risk management system ...
capabilities—To what extent is the enterprise mature in performing the risk management processes defined in the
Risk IT IT risk management is the application of risk management methods to information technology in order to manage IT risk. Various methodologies exist to manage IT risks, each involving specific processes and steps. An IT risk management system ...
framework ** IT capabilities—How good is the enterprise at performing the IT processes defined in
COBIT COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance. The framework is business focused and defines a set of generic processes for the ...
** IT-related business capabilities (or value management)—How closely do the enterprise's value management activities align with those expressed in the
Val IT Val IT is a governance framework that can be used to create business value from IT investments. It consists of a set of guiding principles and a number of processes and best practices that are further defined as a set of key management practices ...
processes


Risk scenario

An
IT risk It or IT may refer to: * It (pronoun), in English * Information technology Arts and media Film and television * ''It'' (1927 film), a film starring Clara Bow * '' It! The Terror from Beyond Space'', a 1958 science fiction film * ''It!'' (1967 ...
risk scenario is a description of an IT related event that can lead to a business impact, when and if it should occur. Risk factors can also be interpreted as causal factors of the scenario that is materialising, or as
vulnerabilities Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." The understanding of social and environmental vulnerability, as a methodological approach, involves ...
or weaknesses. These are terms often used in risk management frameworks. Risk scenario is characterized by: * A
threat A threat is a communication of intent to inflict harm or loss on another person. Intimidation is a tactic used between conflicting parties to make the other timid or psychologically insecure for coercion or control. The act of intimidation f ...
actor that can be: ** Internal to the organization (employee, contractor) ** External to the organization (competitor, business partner, regulator, act of god) * A threat type: ** Malicious, ** Accidental ** Failure ** Natural * Event ** Disclosure ** Modification ** Theft ** Destruction ** Bad design ** Ineffective execution ** Inappropriate use *
Asset In financial accounting, an asset is any resource owned or controlled by a business or an economic entity. It is anything (tangible or intangible) that can be used to produce positive economic value. Assets represent value of ownership that can b ...
or resource ** People and organization ** Process ** Infrastructure or facilities ** IT infrastructure ** Information ** Application * Time ** Duration ** Timing of occurrence (critical or not) ** Timing to detect ** Timing to react The risk scenario structure differentiates between loss events (events generating the negative impact), vulnerabilities or vulnerability events (events contributing to the magnitude or frequency of loss events occurring), and threat events (circumstances or events that can trigger loss events). It is important not to confuse these risks or throw them into one large risk list."An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006
;


See also

*
Asset In financial accounting, an asset is any resource owned or controlled by a business or an economic entity. It is anything (tangible or intangible) that can be used to produce positive economic value. Assets represent value of ownership that can b ...
*
Attack (computing) A cyberattack (or cyber attack) occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content. The rising dependence on increasingly complex and inte ...
* Countermeasure (computer) *
Computer security Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...
*
Computer insecurity Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and networks from thr ...
*
Information Security Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data ...
*
Information security management Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The ...
*
ISACA ISACA is an international professional association focused on IT (information technology) governance. On its IRS filings, it is known as the Information Systems Audit and Control Association, although ISACA now goes by its acronym only.
*
Information security management system Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The co ...
*
ISO/IEC 27001 ISO/IEC 27001 is an information security standard. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Organizations with an ISMS that meet the st ...
*
IT risk It or IT may refer to: * It (pronoun), in English * Information technology Arts and media Film and television * ''It'' (1927 film), a film starring Clara Bow * '' It! The Terror from Beyond Space'', a 1958 science fiction film * ''It!'' (1967 ...
*
Risk In simple terms, risk is the possibility of something bad happening. Risk involves uncertainty about the effects/implications of an activity with respect to something that humans value (such as health, well-being, wealth, property or the environ ...
*
Risk Management Risk management is the identification, evaluation, and prioritization of risks, followed by the minimization, monitoring, and control of the impact or probability of those risks occurring. Risks can come from various sources (i.e, Threat (sec ...
*
The Open Group The Open Group is a global consortium that seeks to "enable the achievement of business objectives" by developing " open, vendor-neutral technology standards and certifications." It has 900+ member organizations and provides a number of services ...
*
Threat (computer) In computer security, a threat is a potential negative action or event enabled by a vulnerability that results in an unwanted impact to a computer system or application. A threat can be either a negative " intentional" event (i.e. hack ...
* Security control * Security risk * Security service (telecommunication) *
Vulnerability (computing) Vulnerabilities are flaws or weaknesses in a system's design, implementation, or management that can be exploited by a malicious actor to compromise its security. Despite a system administrator's best efforts to achieve complete correctness, vi ...


References

{{DEFAULTSORT:Risk Factor (Computing) Computer security Risk analysis