Security Basics mailing list archives
Getting the value of an asset and the probability of a risk to it
From: "Rivest, Philippe" <Rivestp () metro ca>
Date: Fri, 16 May 2008 15:38:41 -0400
Currently doing my CISA and I have one small question: how do you do a quantitative risk assessment? Qualitative I understand: low, med, high or 1-10. But a quantitative risk assessment is harder and a bit more complex.

A) I know that first you need to identify your assets
B) Then you have to identify the asset value for the enterprise (first problem)
C) Then you have to identify the risks that your asset has
D) You have to identify the impact and probability of these risks (my main question is how to do this)
E) You then have to calculate the risk per asset, which is clear to me.

Stages B and D are unclear as to HOW you affect a value to a server, computer asset, data and so on. Also, how/what would you use to identify the probability of a risk?

Last question: I understand that humans are the enterprise's most valuable asset. If so, how much would one value another's life in a quantitative evaluation? Also, linked to this question, if you value the life of someone at X, would you stop investing in protection at X or X-1$, or would you go as far as you can (considering that this could put a serious bill up)? Would you consider humans in a risk assessment?

Thanks a lot for all the info I may get.

**And to all who are going for CISA/CISM in June, keep it up :P

Thanks,
Philippe Rivest, Certified Ethical Hacker
Information Security Analyst
Métro Richelieu
450-662-3300x3115

►Before printing, ask yourself if you really need to!