The University of Sydney, Page 39

Principle 7: Security = Risk Management

– Security is not concerned with eliminating all threats within a system or facility but with addressing known threats and minimizing losses
– Risk analysis and risk management are central themes to securing information systems
– Risk assessment and risk analysis are concerned with placing an economic value on assets to best determine appropriate countermeasures that protect them from losses
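
| Likelihood \ Consequences | 1. Insignificant | 2. Minor | 3. Moderate | 4. Major | 5. Catastrophic |
|---|---|---|---|---|---|
| A (almost certain) | High | High | Extreme | Extreme | Extreme |
| B (likely) | Moderate | High | High | Extreme | Extreme |
| C (moderate) | Low | Moderate | High | Extreme | Extreme |
| D (unlikely) | Low | Low | Moderate | High | Extreme |
| E (rare) | Low | Low | Moderate | High | High |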