Abstract
This paper introduces the Microsoft security risk management process, building on a general model of security risk management. It is a proactive and effective approach that helps organizations of all sizes respond to security risks that may threaten the success of their business. The process gives organizations a continuous, clearly structured sequence of steps for organizing and prioritizing limited resources to manage risk, so that they can operate in the most cost-effective way.
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2006, Issue 7, pp. 102-105 (4 pages)
Keywords
risk management
threat
vulnerability
exposure