FIPS PUB 191
the LAN is acceptable. Risk mitigation involves three steps: determining those areas where risk is unacceptable; selecting effective safeguards; and evaluating the controls and determining if the residual risk to the LAN is acceptable.

Organizations can select from a variety of risk management methodologies. The goal is for an organization to choose the most effective approach for the organization. The methodology discussed here consists of seven processes (outlined in Figure 3.1).

Figure 3.1 - Risk Management Process
1. Define the Scope and Boundary and Methodology
2. Identify and Value Assets
3. Identify Threats and Determine Likelihood
4. Measure Risk
5. Select Appropriate Safeguards
6. Implement and Test Safeguards
7. Accept Residual Risk
3.4 Risk Assessment
3.4.1 Process 1 - Define the Scope and Boundary, and Methodology
This process determines the direction that the risk management effort will take. It defines how much of the LAN (the boundary) and in how much detail (the scope) the risk management process should entail. The boundary will define those parts of the LAN that will be considered. The boundary may include the LAN as a whole or parts of the LAN, such as the data communications function, the server function, the applications, etc. Factors that determine the boundary may be based on LAN ownership, management or control. Placing the boundary around a part of the LAN controlled elsewhere may result in cooperation problems that may lead to inaccurate results. This problem stresses the need for cooperation among those involved with the ownership and management of the different parts of the LAN, as well as the applications and information processed on it.
The scope of the risk management effort must also be defined. The scope can be thought of as a logical outline showing, within the boundary, the depth of the risk management process. The scope distinguishes the different areas of the LAN (within the boundary) and the different levels of detail used during the risk management process. For example, some areas may be considered at a higher or broader level, while other areas may be treated in depth and with a narrow focus. For smaller LANs, the boundary may be the LAN as a whole, and the scope may define a consistent level of detail throughout the LAN. For larger LANs, an organization may decide to place the boundary around those areas that it controls and to define the scope to consider all areas within the boundary. However, the focus on data communications, external connections, and certain applications might be more narrow. Changes in the LAN configuration, the addition of external connections, or updates or upgrades to LAN software or applications may influence the scope.
The appropriate risk management methodology for the LAN may have been determined prior to