HLSS505Wk5

Risk Analysis Data in Infrastructure Protection This week, we will discuss using the information obtained from the risk analysis process (intelligence, risk analysis process, etc.). A textbook definition of risk analysis would describe it as "a procedure to identify threats and vulnerabilities, analyze them to ascertain the exposures, and highlight how the impact can be eliminated or reduced." While another definition would say that is a process to determine what security is appropriate for a system or environment.

Either way, the bottom line is that the security you implement should be commensurate with the risks applicable. Risk Analysis should enable you to achieve this goal, and it should also help you prioritize where to invest limited security funding.

Making Security Modifications to Reduce Risk We will look at the main components of risk analysis and how that analysis will provide guidance in what to protect, how to protect it, and what limits on cost should be expended to protect an asset depending upon its prioritization. Note: That prioritization will differentiate depending upon the decision-maker.