acshbocio7.pdfVIP专享VIP免费原创优质

下载本文档

阅读 126
下载 6
格式 pdf
大小 873.25 KB
约72页
2025-01-31 发布于陕西
收藏
评论
点赞(0)
海报
举报

/72

ADMINISTRATIVECOMMUNICATIONSSYSTEMU.S.DEPARTMENTOFEDUCATIONHandbookOCIO-07Page1of72(01/13/2004)Distribution:Approvedby:/s/AllDepartmentofEducationEmployeesWilliamJ.LeidingerAssistantSecretaryforManagementHandbookforInformationTechnologySecurityRiskAssessmentProceduresSupersedesHandbookOCIO-07“HandbookforInformationTechnologySecurityRiskAssessmentProcedures”dated05/12/2003.Fortechnicalquestionsrelatingtothishandbook,pleasecontactJenniferBealeon202-401-2195orviae-mail.DEPARTMENTOFEDUCATIONINFORMATIONTECHNOLOGYSECURITYInformationTechnologySecurityRiskAssessmentProceduresDecember2003HandbookforInformationTechnologySecurityRiskAssessmentProcedures01/13/2004iiTABLEOFCONTENTS1.INTRODUCTION............................................................................................................11.1Purpose...............................................................................................................................11.2Background........................................................................................................................11.3Scope..................................................................................................................................11.4Structure.............................................................................................................................22.RISKASSESSMENTCONCEPTS................................................................................32.1WhyConductaRiskAssessment?....................................................................................32.2WhenShouldaRiskAssessmentbeConducted?..............................................................32.3HowistheRequiredLevelofEffortforaRiskAssessmentDetermined?.......................42.3.1WhatiftheGSSorApplicationisCategorizedasaTier0?.......................................42.4HowdoestheRiskAssessmentFeedintotheC&AProcess?...........................................52.5WhoisResponsibleforConductingtheRiskAssessment?..............................................62.6WhatisInformationSensitivityandMissionCriticality?.................................................72.6.1InformationSensitivity.................................................................................................82.6.2MissionCriticality.......................................................................................................92.7HowareThreatandVulnerabilityDefined?......................................................................92.7.1Threat...........................................................................................................................92.7.2Vulnerability..............................................................................................................112.7.3RelationshipBetweenThreatandVulnerability........................................................112.8WhichSecurityDomainsShouldbeAssessed?..............................................................112.9WhatInformationGatheringTechniquesShouldbeUsedWhenConductingaRiskAssessment?.....................................................................................................................122.9.1Questionnaire.............................................................................................................122.9.2Interviews.............

1、当您付费下载文档后，您只拥有了使用权限，并不意味着购买了版权，文档只能用于自身使用，不得用于其他商业用途（如 [转卖]进行直接盈利或[编辑后售卖]进行间接盈利）。
2、本站所有内容均由合作方或网友上传，本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺！文档内容仅供研究参考，付费前请自行鉴别。
3、如文档内容存在违规，或者侵犯商业秘密、侵犯著作权等，请点击“违规举报”。

碎片内容