FIPS PUB 191
of quality as indicated through a scale or ranking. One-dimensional approaches consider only limited components (e.g. risk = magnitude of loss X frequency of loss). Multidimensional approaches consider additional components in the risk measurement, such as reliability, safety, or performance. One of the most important aspects of a risk measure is that its representation be understandable and meaningful to those who need to make the safeguard selection and risk mitigation decisions.

Figure 3.6 - Calculating Cost Measure
In this example cost measure, the cost of the safeguard is the amount needed to purchase or develop and implement each of the mechanisms. The cost can be normalized in the same manner as was the value for potential loss incurred. A 1 will indicate a mechanism with a low cost, a 2 will indicate a mechanism with a moderate cost, and a 3 will indicate a mechanism with a high cost.
Figure 3.5 provides an example of a one-dimensional approach for calculating risk. In this example, the levels of risk are normalized (i.e. low, medium and high) and can be used to compare the risks associated with each threat. The comparison of risk measures should factor in the criticality of the components used to derive them. For simple methodologies that only look at loss and likelihood, a risk measure derived from a high loss and low likelihood may be the same as one derived from a low loss and high likelihood. In these cases, the user needs to decide which risk to consider more critical, even though the risk measures are equal; a user may decide, for example, that the risk derived from the high loss is more critical than the one derived from the high likelihood.
With a list of potential threats, vulnerabilities and related risks, an assessment of the current
security situation for the LAN can be determined. Areas that have adequate protection will not
surface as contributing to the risk of the LAN (since adequate protection should lead to low
likelihood) whereas those areas that have weaker protection do surface as needing attention.
3.5 Risk Mitigation
3.5.1 Process 5 - Select Appropriate Safeguards
The purpose of this process is to select appropriate safeguards. This process can be done using
risk acceptance testing.
Risk acceptance testing is described by [KATZ92] as an activity that compares the current risk
measure with acceptance criteria and results in a determination of whether the current risk level
is acceptable. While effective security and cost considerations are important factors, there may
be other factors to consider such as: organizational policy, legislation and regulation, safety and
reliability requirements, performance requirements, and technical requirements.
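The following is an added worked example, not code from FIPS PUB 191, that puts the one-dimensional risk measure of Figure 3.5, the tie-breaking rule for equal measures, the normalized cost of Figure 3.6 and the risk acceptance test of 3.5.1 into one small model. Everything beyond the page's own definitions is an assumption: the cut points used to map the 1..9 product onto low/medium/high (Figure 3.5's actual thresholds are not reproduced here), the treatment of a safeguard as something that lowers the likelihood of loss (the page says adequate protection should lead to low likelihood), and all threat and safeguard names and values, which are constructed sample input.

```python
from dataclasses import dataclass, replace
from enum import IntEnum
from typing import Iterable, List, Optional


class Level(IntEnum):
    """Normalized scale used on the page for loss, likelihood, risk and cost: 1 low, 2 moderate, 3 high."""
    LOW = 1
    MODERATE = 2
    HIGH = 3


def normalize_risk(raw: int) -> Level:
    """Map the raw product (1..9) onto low/medium/high.

    The cut points (1-2 low, 3-4 medium, 6-9 high) are an assumption for this example;
    Figure 3.5's own thresholds are not reproduced on this page.
    """
    if raw <= 2:
        return Level.LOW
    if raw <= 4:
        return Level.MODERATE
    return Level.HIGH


@dataclass(frozen=True)
class ThreatRisk:
    threat: str
    loss: Level        # magnitude of potential loss, normalized 1..3
    likelihood: Level  # frequency/likelihood of the loss, normalized 1..3

    @property
    def raw_measure(self) -> int:
        # One-dimensional measure from the text: risk = magnitude of loss X frequency of loss
        return int(self.loss) * int(self.likelihood)

    @property
    def normalized(self) -> Level:
        return normalize_risk(self.raw_measure)


def criticality_key(risk: ThreatRisk):
    """Ordering for equal measures: the page says a high-loss/low-likelihood risk may be
    judged more critical than a low-loss/high-likelihood one, so loss breaks the tie."""
    return (risk.normalized, risk.raw_measure, risk.loss, risk.likelihood)


def rank_risks(risks: Iterable[ThreatRisk]) -> List[ThreatRisk]:
    """Most critical first."""
    return sorted(risks, key=criticality_key, reverse=True)


def risk_acceptance_test(risk: ThreatRisk, acceptance_criteria: Level) -> bool:
    """[KATZ92]-style test: compare the current risk measure with the acceptance criteria."""
    return risk.normalized <= acceptance_criteria


@dataclass(frozen=True)
class Safeguard:
    name: str
    cost: Level                 # normalized cost as in Figure 3.6: 1 low, 2 moderate, 3 high
    residual_likelihood: Level  # assumption: a safeguard acts by lowering the likelihood of loss


def residual_risk(risk: ThreatRisk, safeguard: Safeguard) -> ThreatRisk:
    """Risk that remains once the safeguard is in place (loss unchanged, likelihood reduced)."""
    return replace(risk, likelihood=safeguard.residual_likelihood)


def select_safeguard(risk: ThreatRisk, candidates: Iterable[Safeguard],
                     acceptance_criteria: Level) -> Optional[Safeguard]:
    """Cheapest safeguard whose residual risk passes the acceptance test, or None if none does."""
    passing = [s for s in candidates
               if risk_acceptance_test(residual_risk(risk, s), acceptance_criteria)]
    if not passing:
        return None
    return min(passing, key=lambda s: (s.cost, residual_risk(risk, s).raw_measure))


# Constructed sample input (not from the document): four LAN threats with normalized loss/likelihood.
SAMPLE_RISKS = [
    ThreatRisk("Unauthorized LAN access", loss=Level.HIGH, likelihood=Level.LOW),    # 3 -> medium
    ThreatRisk("Eavesdropping", loss=Level.LOW, likelihood=Level.HIGH),              # 3 -> medium
    ThreatRisk("Spoofing", loss=Level.HIGH, likelihood=Level.HIGH),                  # 9 -> high
    ThreatRisk("Disruption of service", loss=Level.MODERATE, likelihood=Level.LOW),  # 2 -> low
]

# Constructed candidate safeguards for the spoofing threat (names and values are illustrative).
SAMPLE_SAFEGUARDS = [
    Safeguard("Reusable passwords", cost=Level.LOW, residual_likelihood=Level.MODERATE),
    Safeguard("Network segmentation", cost=Level.MODERATE, residual_likelihood=Level.LOW),
    Safeguard("Cryptographic authentication", cost=Level.HIGH, residual_likelihood=Level.LOW),
]

if __name__ == "__main__":
    for r in rank_risks(SAMPLE_RISKS):
        print(f"{r.threat:24s} loss={r.loss.name:8s} likelihood={r.likelihood.name:8s} "
              f"raw={r.raw_measure} risk={r.normalized.name}")
    spoofing = SAMPLE_RISKS[2]
    print("spoofing acceptable at MODERATE:", risk_acceptance_test(spoofing, Level.MODERATE))
    print("selected safeguard:", select_safeguard(spoofing, SAMPLE_SAFEGUARDS, Level.MODERATE))
```

Note how the two medium risks with an identical raw measure of 3 are ordered: unauthorized access (high loss, low likelihood) is ranked above eavesdropping (low loss, high likelihood) purely because the sort key prefers loss, which is the decision the text leaves to the user. Note also that with a high-loss threat no safeguard can bring the residual risk below medium under these cut points, so an acceptance criterion of "low only" yields no selectable safeguard; that is the case where the other factors listed in 3.5.1 (policy, regulation, safety) have to drive the decision rather than the measure alone.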