Back to Security Pattern Catalog




Risk Determination


Classification Key : Security Pattern Space

Problem

The appropriate security plan is identified by assessing the security needs of the assets. How can realistic enterprise security needs be explicitly identified?

Solution

Make a list of the business assets. Classify them and identify the types of protection needed. This activity is typically performed by an enterprise architect or strategic planner. 1. Identification of Business Assets of the Enterprise 2. Identification of Business Drivers that influence security protection needs of assets. 3. Determination of relationship between Assets and Business Drivers. 4. Identification of Security Needs. 5. Creation of Security Association between Assets and Security Needs.

Known Uses

NIST 800-30 uses a 3x3 matrix for risk determinations.

Related Patterns

Security Needs Identification for Enterprise Assets

Source

Wiley Book

Tags

Risk, Threat


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz