摘要 |
Methods and apparatus, including computer program products, for risk assessment and analysis. In one general aspect, asset data representing a set of assets is received. Threat data representing a set of threats is received. Requirements data representing one or more requirements is received, wherein each requirement requires compliance with a regulation and a failure to satisfy the requirement constitutes a threat additional to the set of threats. Measures data representing a set of measures is received. A current status is calculated using the measures data and the requirements data based on a level of compliance with the requirements, the level of compliance determined by the measures and the additional one or more threats to one or more assets represented by the measures data and the requirements data.
|