(ISC)² CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Delphi Technique
The Delphi technique is probably the only mechanism on the previous list that is not
immediately recognizable and understood. The Delphi technique is simply an anonymous
feedback-and-response process used to enable a group to reach an anonymous consensus. Its
primary purpose is to elicit honest and uninfluenced responses from all participants. The
participants are usually gathered into a single meeting room. To each request for feedback, each
participant writes down their response on paper anonymously. The results are compiled and
presented to the group for evaluation. The process is repeated until a consensus is reached.
Both the quantitative and qualitative risk analysis mechanisms offer useful results. 
However, each technique involves a unique method of evaluating the same set of assets and 
risks. Prudent due care requires that both methods be employed. Table 2.2 describes the 
benefits and disadvantages of these two systems.
Table 2.2 Comparison of quantitative and qualitative risk analysis

Characteristic                            Qualitative   Quantitative
Employs complex functions                 No            Yes
Uses cost/benefit analysis                No            Yes
Results in specific values                No            Yes
Requires guesswork                        Yes           No
Supports automation                       No            Yes
Involves a high volume of information     No            Yes
Is objective                              No            Yes
Uses opinions                             Yes           No
Requires significant time and effort      No            Yes
Offers useful and meaningful results      Yes           Yes


Chapter 2: Personnel Security and Risk Management Concepts
Risk Responses
The results of risk analysis are many:
- Complete and detailed valuation of all assets
- An exhaustive list of all threats and risks, rate of occurrence, and extent of loss if realized
- A list of threat-specific safeguards and countermeasures that identifies their effectiveness and ALE
- A cost/benefit analysis of each safeguard
This information is essential for management to make educated, intelligent decisions 
about safeguard implementation and security policy alterations.
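
The following is an added example, not taken from the book: it shows how the outputs listed above feed a cost/benefit ranking for one risk. It assumes the standard quantitative formulas (SLE = AV x EF, ALE = SLE x ARO, safeguard value = ALE before - ALE after - annual safeguard cost), which do not appear on this page; all names and figures are constructed.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str
    threat: str
    asset_value: float      # AV in dollars
    exposure_factor: float  # EF: fraction of AV lost per occurrence
    aro: float              # annualized rate of occurrence

    def ale(self) -> float:
        # SLE = AV * EF, ALE = SLE * ARO
        return self.asset_value * self.exposure_factor * self.aro

@dataclass
class Safeguard:
    name: str
    annual_cost: float      # ACS: annual cost of the safeguard
    ef_after: float         # EF once the safeguard is in place
    aro_after: float        # ARO once the safeguard is in place

def cost_benefit(risk: Risk, sg: Safeguard) -> dict:
    """Safeguard value = ALE before - ALE after - annual cost."""
    ale_before = risk.ale()
    ale_after = risk.asset_value * sg.ef_after * sg.aro_after
    net = round(ale_before - ale_after - sg.annual_cost, 2)
    return {"safeguard": sg.name, "ale_before": round(ale_before, 2),
            "ale_after": round(ale_after, 2), "net_value": net,
            "cost_effective": net > 0}

def rank_safeguards(risk, safeguards):
    """Cost/benefit rows for one risk, highest net value first."""
    rows = [cost_benefit(risk, s) for s in safeguards]
    return sorted(rows, key=lambda r: r["net_value"], reverse=True)

# Constructed sample figures, not taken from the book.
SAMPLE_RISK = Risk("customer database server", "ransomware", 200_000, 0.25, 0.5)
SAMPLE_SAFEGUARDS = [
    Safeguard("hot standby site", 30_000, 0.125, 0.5),
    Safeguard("offline backups", 5_000, 0.05, 0.5),
    Safeguard("endpoint detection subscription", 12_000, 0.25, 0.25),
]

if __name__ == "__main__":
    for row in rank_safeguards(SAMPLE_RISK, SAMPLE_SAFEGUARDS):
        print(row)
```

A safeguard whose net value is negative costs more per year than the loss it prevents, which is the case the cost/benefit analysis exists to expose.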
Once the risk analysis is complete, management must address each specific risk. There 
are several possible responses to risk:
- Reduce or mitigate
- Assign or transfer
- Accept
- Deter
- Avoid
- Reject or ignore
You need to know the following information about the possible risk responses:
