52ky 发表于 2022-9-9 18:55:47

信息安全风险评估与风险管理

信息安全:信息的保密性、完整性、可用性的坚持。风险评价:对信息和信息管理设备的要挟,影响和薄故障以及要挟发作的可能性的评价。风险管理:以可接受的费用识别、控制、下降或消除可能影响信息系统安全的风险的进程。要挟:是指某个人、物、事件或概念对某一资源的保密性、完整性、可用性或合法使用所形成的风险。

(Information security: insist on confidentiality, integrity and availability of information. Risk assessment: An assessment of the threat, impact and failure of information and information management equipment, as well as the likelihood of a threat occurring. Risk Management: The process of identifying, controlling, mitigating or eliminating risks that may affect the security of information systems at an acceptable cost. Threat: A risk posed by a person, thing, event, or concept to the confidentiality, integrity, availability, or legitimate use of a resource.)




页: [1]
查看完整版本: 信息安全风险评估与风险管理