HostedDB - Dedicated UNIX Servers
fips191_25 FIPS PUB 191 use was for the risk analysis of large data centers.   [FIPS65] describes how an estimate of risk (i.e. Annual Loss Expectancy) could be obtained by estimating, for each application data file: (1) the  frequency  of  occurrence  of  harmful  impact  (i.e.,  destruction,  modification,  disclosure  or unavailability of the data file) and (2) the consequences (in dollars) that could result from each of the impacts [KATZ92].   [KATZ92] explains that "recognizing the lack of empirical data on frequency of occurrence of impacts and the related consequences, FIPS 65 suggested an ’order of  magnitude  approach’  to  approximating  these  values.     That  this  concept  was  not  well understood by users of that method has been illustrated by numerous attempts to be too precise in quantifying the input data to FIPS 65 and, by the same token, interpreting the results as having more precision than they actually had. "    FIPS 65 may be used for a risk assessment of a LAN; however agencies may choose other methodologies and techniques if the agency finds them to be more appropriate and effective. Automated risk analysis tools are available that are tailored specifically to the LAN environment. [GILB89] points out the many benefits of using automated risk analysis tools.   However there is  a  concern  in  using  automated  risk  analysis  tools.  There  are  many  techniques  available  to calculate risk.  While most depend on a loss variable and a likelihood or probability variable, the manner in which these variables are represented, the calculations that are used on these variables, and the manner in which the risk value is represented is not always made available to the user. This disadvantage is compounded because there is currently no standard method or agreed upon approach  for  performing  risk  analysis.    While  there  exists  a  proposed  standard  framework [KATZ92] for risk analysis that provides vendors with some guidance in developing these tools, there  are  no  agreed  upon  methods  for  representing  the  necessary  variables  to  perform  a  risk analysis,  and  there  are  no  agreed  upon  methods  for  calculating  risk  using  these  variables. Because  of  this  lack  of  consistent  agreement  with  the  risk  community,  coupled  with  the proprietary nature of the tools, determining the effectiveness of any particular method may be difficult.   On  the  other  hand,  if  the  methodology  used  by  the  tool  is  understood  and  deemed acceptable for the user, then the tool may prove to be quite adequate.   The underlying question in  determining if  a tool  will be  effective for  a particular  environment should  be, "What  is the automated risk analysis tool measuring, and are the results produced by it useful for providing appropriate  LAN  security?"  [GILB89]  discusses  the  use  of  automated  risk  analysis  tools,  and examines criteria that can be considered in the automated tools selection process. Another approach for performing   risk analyses is to develop sets of baseline security controls needed for predefined levels of risk.    The predefined levels of risk may be based on the asset alone  (e.g.  data  is  considered  sensitive  due  to  an  agency  policy  or  federal  mandate),  the consequence that would result from the loss of the asset (e.g. the agency may not be able to meet its  mission)  or  other  factors.   This  allows  data  owners  and  those  responsible  for  ensuring  the security of the LAN to determine the level of risk for specific assets, and follow the guidance and implement the controls that have been deemed appropriate.    This approach may provide an agency  with  the  benefit  of  having  consistent  protection  for  specified  types  of  assets.    This approach has been implemented in [DOE89], [HHS91], [NASA90].  A benefit  of this approach 27