Sikkerhetsmomenter Konfidensialitet n Integritet n Tilgjengelighet n Autentisering
- Slides: 7
Sikkerhetsmomenter Konfidensialitet n Integritet n Tilgjengelighet n Autentisering n Non-Repudiation (Uomtvistelig) n Sporbarhet n
Ord og definisjoner Risiko n Trussel n Sårbarhet n Tiltak (Sikring, Sikkerhetstiltak) n Eiendeler n Verdier n Beskyttelseskrav n
Termer og definisjoner n n n Trussel: kilde eller situasjon som potensielt kan påføre organisasjonens eiendeler skade Risiko: Sjansen for at noe skjer som kan ha påvirkning på ulike objekter, målt i sannsynlighet og konsekvens Akseptabel risiko: Risiko redusert til et nivå som kan aksepteres av organisasjonen
Matrise for trusselvurdering Frekvens/ Konsekvens Lav Middels Høy
Matrise for risikovurdering Kontroll/ Trusselnivå Lav Middels Høy Middels Lav
n Exposure, likelihood (L) is specified from 1 to 3 where 1 is low (<30%), 2 is middle (30 – 70%) and 3 is high (>70%) ¨ n Consequence (C) is specified when possible from 1 to 3 where 1 is low (of minor sighnificance), 2 is medium (impacts the result), and 3 is high (goal not achievable) ¨ n Trusselnivå Control Measures (M) specifies to which degree the measures described are considered effective. Low – Medium – High. ¨ n Konsekvens Level of Threat ( T ) is Likelihood (L) ”multiplied” by Consequence (C). ¨ n Eksponering Kontrollmuligheter The column for Risk Level (R) specifies the evaluation result as Low – Medium – High based on the scheme for Risk Assessment ¨ Risikonivå
n Exposure, likelihood (L) is specified from 1 to 3 where 1 is low (<30%), 2 is middle (30 – 70%) and 3 is high (>70%) n Consequence (C) is specified when possible from 1 to 3 where 1 is low (of minor sighnificance), 2 is medium (impacts the result), and 3 is high (goal not achievable) n Level of Threat ( T ) is Likelihood (L) ”multiplied” by Consequence (C). n Control Measures (M) specifies to which degree the measures described are considered effective. Low – Medium – High. n The column for Risk Level (R) specifies the evaluation result as Low – Medium – High based on the scheme for Risk Assessment
