Evaluation of the measures
Every measure is evaluated as to its criticality. How critical a measure is depends on the potential damage of the recognized vulnerability and the probability of occurrence of the event. The criticality of the measure determines how urgently the vulnerability must be corrected.

Measure criticality
The criticality of a measure depends on the affected IT system and the data associated with it. This can be ascertained by means of the business impact analysis and the risk analyses carried out. If there is no such analysis for the affected service, the following consideration is to be made:

  1. If the measure affects IT core services (e.g., the network, the firewall, e-mail services or even physical security such as access to the server room), then the criticality level HIGH is always to be assumed.
  2. For all IT services not covered by point 1), the following deliberation is to be made:
    • The threat potential is LOW, if
      • monetary damages of up to EUR 300K for the company are possible,
      • a loss of reputation with partly external repercussions could occur,
      • the physical integrity of persons cannot be guaranteed, even if the occurrence is unlikely.
    • The threat potential is MEDIUM, if
      • monetary damages from over EUR 300K to up to EUR 5 million for the company are possible,
      • a loss of reputation with customers and partners could occur that would have to be compensated for with mid-term measures,
      • the physical integrity of persons cannot be guaranteed, and the occurrence is not unlikely.
    • The threat potential is HIGH, if
      • monetary damages of over EUR 5 million for the company are possible,
      • negative media coverage cannot be ruled out (with unavoidable mid- to long-term consequences),
      • there is definitely danger to the life and limb of persons.
  3. If no associated risk analysis is available, the probability of occurrence of the threat must also be considered. If the probability of occurrence of the risk is estimated to be very unlikely (or the risk would have to be triggered by a chain of events), or compensating measures for the reduction of the risk have already been taken, then the risk level can be reduced. If a vulnerability can be exploited externally, the risk level must not be reduced.