Abstract

The invention discloses a method of assessing risk on an information asset of an organization and optimizing selection of controls for securing such information asset. The method includes identifying risk parameters and generating a Risk Scenario based on Threats and Vulnerabilities of such information asset, characterizing and measuring such risk parameters based on user inputs, evaluating Nature of Risk based on the organization's conditions and calculating Measure of Risk (MOR), and selecting optimized controls based on a Risk Treatment Plan (RTP) for managing such risk parameters.