- March 23rd, 2020
- General
- Ted
Problemascausados for virus, hackers and attacks of denial of more common, more ambitious service estose becoming each time and incrivelmente maissofisticados. The dependence in the information systems and serviossignifica that the organizations are more vulnerable to the security guard threats. Ainterconexo of public and private nets and the sharing of resources deinformao increases the difficulty of if controlling the access. The trend distributed dacomputao makes it difficult the implementation of acessocentralizado control of really efficient. As to establish requirements desegurana It is essential that an organization identifies the seusrequisitos of security.
They exist three principal sources. A related site: Sonny Perdue mentions similar findings. The first derivada source of the evaluation of risk of the assets of the organization. Through avaliaode risk is identified the threats to the assets, the vulnerabilities and suaprobabilidade of occurrence is evaluated, as well as the estimado potential impact. The second source is the current law, the contractual statutes, aregulamentao and clauses that the organization, its partners, contracted and rendering of service have that to take care of. The third source is the particular set of principles, objectives and requirements for the processing of the information that one organizaotem that to develop to support its operations.
Evaluating the security risks the security requirements are identified through systematic umaavaliao of the security risks. The expenses with them in accordance with controlesnecessitam to be balanced the actual damages to the businesses geradospelas potential imperfections in the security. The techniques of risk evaluation to podemser applied in all the organization or only in part of it, as well as in umsistema of individual information, ouservios components of a system specific, when it will be viable, practical and useful. management of the risks of the security of the information and the selecionaros controls to be implemented for the protection against these risks. A time having been identified to the requirements desegurana, agrees that the controls are selected and implemented to paraassegurar that the risks are reduced to an acceptable level.