Abstract
With the rapid development of technology, many organizations depend on information more than before and process mountains of it every day. Hence, information systems are designed to facilitate managing information. Security is applied to ensure data confidentiality, integrity and availability. In this process, risk cannot be ignored. How can we analyze the degree of risk we can accept in order to provide effective protection at reasonable cost with a great return on investment? Many methodologies have been proposed. In this paper, one method, "Risk = Value * Threat * Vulnerability", is analyzed so that more people can gain a basic understanding of risk.