GB/T 20984-2022 Translated English of Chinese Standard (GB/T20984-2022, GBT 20984-2022): Information security technology -- Risk assessment method for information security
https://www.chinesestandard.net, 2022-08-21, 49 pages
This document describes the basic concepts of information security risk assessment, relationship between risk factors, principles of risk analysis, implementation process and assessment method of risk assessment, as well as the implementation points and work forms of risk assessment at different stages of information system lifecycle. This document applies to all types of organizations conducting information security risk assessments.