This document presents a technique for conducting a risk analysis of an ADP facility and related assets. Risk analysis produces annual loss exposure values based on estimated costs and potential losses. The annual loss exposure values are fundamental to the cost effective selection of safeguards for... See full abstract

This document presents a technique for conducting a risk analysis of an ADP facility and related assets. Risk analysis produces annual loss exposure values based on estimated costs and potential losses. The annual loss exposure values are fundamental to the cost effective selection of safeguards for the security of the facility. An ADP facility of a hypothetical government agency is used for an example. The characteristics and attributes of a computer system which must be known in order to perform a risk analysis are described and an example is given of the process of analyzing some of the assets, showing how the risk analysis can be handled
Hide full abstract