3. Alternative approaches to risk mapping
This section presents other approaches to risk analysis and management. These are also risk maps, but not only represented according to the frequency-cost approach.
3.1 SSI mapping – Threats and vulnerabilities
Risk mapping in the field of information systems security can also be represented using the frequency-cost approach. However, the methodological approaches widely used in this field represent IT security risks in different ways, which are complementary.
Table 3 illustrates this approach, which can be found in the EBIOS Risk Manager method (recommended by the French National Agency for Information Systems Security), which aims to represent information systems security...
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Alternative approaches to risk mapping
The benefits and limitations of risk mapping
Bibliography
Bibliography
Standards and norms
- Information Technology – Safety technology – Information security management systems – Requirements - ISO/IEC 27001 - 2013
- Risk management – Guidelines, Operational implementation - ISO 31000 - 2018
Regulations
Article R. 4121-1 of the French Labor Code on the single assessment document.
Article L. -561-15 of the French Monetary and Financial Code on LCB-FT vigilance.
Article 17 of the "Sapin II" law, a law on transparency, action against corruption and the modernization of economic life.
European DORA regulation: Digital Operational Resilience ACT (directive...
The Ultimate Scientific and Technical Reference
