Proceedings of the 4th ACM workshop on Quality of protection
A method for security governance, risk, and compliance (GRC): a goal-process approach
Foundations of security analysis and design VI
| Hi-index | 0.00 |
As modern business and financial institutions have come to rely more and more on large scale computers for management support, the magnitude of the risks and their potential consequences has increased correspondingly. In addition, large systems involving multiprocessing, resource sharing, and distributed processing have given rise to a new generation of risks due to the increased vulnerabilities of such large scale systems and the potential for fraudulent or malicious misuse of their resources. Somehow, these risks must be managed since either deliberate or accidental impairment of these large scale systems can have serious consequences for the business. That is, threats must be identified, and the likelihood of their occurrences and the elements of the system vulnerable to each of these threats must be established. Any program for risk management must begin with a risk analysis to compare the vulnerabilities in order to pinpoint and rank the system's weaknesses and to provide a guide for the cost-effective, systematic reduction of the probability of the system's being subverted or otherwise impaired.