Please help translate this! No machine translation! It's a bit long; if the translation is good I can add more points! 50
Actual Threats to the Information Systems
A risk is the loss potential that exists as the result of threat and vulnerability pairs. A number of threats and an evaluation of the areas in which they are threats and a measure of concern that each risk exists are listed. A threat is “any force or phenomenon that could degrade the availability, integrity or confidentiality of an Information Systems resource, system or network.” One definition is “any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of use.”
For each threat, an individual needs to estimate the loss if the threat were to occur. Therefore, an individual needs to know:
· the replacement cost
· the cost to recreate intellectual property
· the value of an hour of computing time.
· Other considerations (embarrassment, loss of confidence,…)
Here is one way to classify the type of risk to the resource that a particular threat poses. The classifications are availability, confidentiality and integrity.
· Availability - This is broadly defined as having the resource in a given place, at the given time, and in the form needed by the user.
· Confidentiality - Some define this as “The concept of holding sensitive data in confidence, limited to an appropriate set of individuals or organizations”.
· Integrity - One can define this as “The ability of an AIS to perform its intended function in a sound, unimpaired manner.”
Some of these threats - though not necessarily all - are given below. Naturally, you must consider your own situation. Some threats will not matter and may be dropped from consideration and there may be unique considerations with your specific site.
Numeric and Objective Risk Analysis
Human beings are phenomenally poor at estimating the probability of a risk. Estimation problems often arise from assigning a higher likelihood to what they see or to their perceived significance. To help correct for this problem, an adjustment may be made by forming three separate “guesstimates”: the minimum chance of something occurring, the most likely chance, and the greatest likelihood. The minimum is added to the maximum and the total added to four times the most likely value. The resulting sum is then divided by six. This process is used to derive the average value, instead of what would be the most likely value.
Some chances of events occurring may be gathered from What are the Chances by B. Siskin and J. Staller.
· Chances of being struck by lightning in your lifetime: 1 in 600,000
· Average American is 99.8% likely to live at least one more year
· The chance a devastating earthquake will hit southern California in the next 25 years: 50%
The Computer Emergency Response Team Coordination Center cataloged 2,134 computer security incidents reported in 1997, along with 311 vulnerabilities.
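The three-point estimate from "Numeric and Objective Risk Analysis", applied to the loss items listed earlier in the passage, as an added example that is not part of the original post. The threat names, all figures, the per-year reading of each chance, and ranking threats by chance multiplied by loss are assumptions made for illustration.

```python
from dataclasses import dataclass

CATEGORIES = {"availability", "confidentiality", "integrity"}

def weighted_chance(minimum, most_likely, maximum):
    """(min + 4 * most likely + max) / 6, as described in the passage."""
    if not 0.0 <= minimum <= most_likely <= maximum <= 1.0:
        raise ValueError("need 0 <= minimum <= most_likely <= maximum <= 1")
    return (minimum + 4 * most_likely + maximum) / 6

@dataclass
class Threat:
    name: str
    category: str               # which of the three classifications is at risk
    chance: tuple               # (minimum, most likely, maximum) guesstimates
    replacement_cost: float = 0.0
    ip_recreation_cost: float = 0.0
    downtime_hours: float = 0.0
    other_cost: float = 0.0     # embarrassment, loss of confidence, ...

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown category: {self.category}")

    def loss(self, hourly_compute_value):
        return (self.replacement_cost + self.ip_recreation_cost
                + self.downtime_hours * hourly_compute_value + self.other_cost)

    def expected_loss(self, hourly_compute_value):
        # Assumption: chance is per year, so this is an annual expected loss.
        return weighted_chance(*self.chance) * self.loss(hourly_compute_value)

def rank(threats, hourly_compute_value):
    """Return (name, category, expected loss) tuples, largest loss first."""
    rows = [(t.name, t.category, round(t.expected_loss(hourly_compute_value), 2))
            for t in threats]
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample register; every figure here is invented for illustration.
SAMPLE = [
    Threat("disk failure", "availability", (0.05, 0.10, 0.45),
           replacement_cost=2000, downtime_hours=8),
    Threat("source code theft", "confidentiality", (0.01, 0.02, 0.15),
           ip_recreation_cost=50000, other_cost=25000),
    Threat("database corruption", "integrity", (0.02, 0.05, 0.08),
           ip_recreation_cost=10000, downtime_hours=4),
]

if __name__ == "__main__":
    for name, category, loss in rank(SAMPLE, hourly_compute_value=500):
        print(f"{name:20} {category:16} {loss:>10.2f}")
```

For the constructed disk failure entry the weighted chance is 0.15 although the most likely guess is 0.10, because the wide maximum pulls the average upward.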
2 answers
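Actual Threat Information Systems
Risk is having lost the result of existing potential threats and vulnerability pairs. Many threats and evaluation areas, they are threats worry and measure each risk exists listed. A threat "any force or phenomenon, whether it will to the validity, integrity or confidential information system's resources, system or network connection. "A definition and event of any circumstance, which may cause harm to the destruction of the system, disclosure of form, modified data, and/or refusal of use."
For each threat, a person needs to estimate the threat of the loss occurring. Therefore, an individual needs to know:
· replacement cost
· the cost recreates intellectual property
· the computing time worth one hour.
· Other considerations (embarrassment, loss of confidence, …)
This is a method, for the type of risk as a resource, making a particular threat posture. The validity of the classification, confidentiality, integrity.
· Availability - this is broadly defined as having the resource at a certain place, at the given time, according to the user's needs.
· Secrecy, some define this as "the sensitive data in the concept of keeping confidence, limited to appropriate individuals or organizations".
· Sincere cooperation - one can only define this as "the learning ability of an AIS to perform its predetermined function in a voice, reduced attitude."
Some such threats, although this does not explain, below. Of course, you must take your own situation into account. Some threats will not be a problem, can descend from consideration, and can also, with their unique considerations, you have a special website.
Digital and objective risk analysis
Human beings are very impoverished at the possibility of estimating risk. Estimation problems often arise from assigning a higher possibility to what they saw or to perceptual meaning. Help the correct pen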