Economic acceptable risk assessment model

  • Authors: Lance A. Jackson; Wasim Al-Hamdani
  • Affiliations: Kentucky State University, Frankfort, KY; Kentucky State University, Frankfort, KY
  • Venue: Proceedings of the 5th annual conference on Information security curriculum development
  • Year: 2008

Abstract

Acceptable risk is the residual risk that follows the implementation of the safeguard. Residual risk is the qualitative or quantitative risk that could not be removed, or that was accepted. Managing the residual risk is the core of risk management. This includes determining which risks to take, which to remove, and what to do with the residual risk. The quantitative residual risk calculation is based on calculating threats, vulnerability, asset value, and control gap. This paper describes an economic model for acceptable risk that focuses on calculating asset absorption instead of calculating likelihood. This model provides a more quantifiable measurement and is based on the assumption that the value of an asset is less than optional risk and Acceptable Risk = Asset Value%. The final model calculates the security investment based on the accepted risk of a business investment.