Generic supplier viagra People keep asking questions like
If the risk equation I use is Impact * Probability, generic supplier viagra when it comes to calculating the residual risk value do I still need to consider the impact of Loss of confidentiality, generic supplier viagra integrity and availability of the asset afterwards ? My understanding us that the probability value may decrease after applying some controls to mitigate the risk, generic supplier viagra but how does does the impact change?
Generic supplier viagra Personally I don't like the use of the generalization "Impact". It hides details and it hides seeing where the control is being applied. Assets are often affected by more than one threat or more than one vulnerability. You really need to recalculate the whole thing over again after the controls have been applied - don't try for short cuts.
Generic supplier viagra I'd further suggest looking at
Generic supplier viagra I discuss this kind of over-simplification at
Generic supplier viagra
- Planning means planning for success and for not-success (herdingcats.typepad.com)
Mapuche viagra Some people seem to be making life difficult for themselves with risk models such as "Impact * Probability" and as such have lead themselves into all manner of imponderable ... Mapuche viagra since this model hides essential details.
Mapuche viagra I discuss the CLASSICAL risk equation in my blog
Mapuche viagra There is a good reason for, mapuche viagra no make that MANY good reasons, mapuche viagra for separating out the threat and the vulnerability and asset rather that just using "impact".
Mapuche viagra Any asset is going to be affected by many
Mapuche viagra Any control will almost certainly address many assets and in all likelihood deal with many threats and vulnerabilities.
Mapuche viagra Any reasonable approach will try to optimise this: make the controls more effective and efficient by having them cover as many assets, mapuche viagra threats or vulnerabilities as possible.
Mapuche viagra As such, mapuche viagra the CLASSICAL risk equation can then be viewed as addressing residual risk - the probability AFTER applying the controls.