
FMEA risk analysis

This topic is in the 'Risk Assessments and Management' forum and was started by ISGforum.net on 7 April 2014.

  1. ISGforum.net ISGForum Inc.

    • Site Administrator
    An illustration of the application of Failure Modes and Effects Analysis (FMEA) techniques to the analysis of information security risks

    Introduction and acknowledgement

    The original version of this spreadsheet was kindly provided to the ISO27k Implementers' Forum by Bala Ramanan to demonstrate how the FMEA method can be used to analyze information security risks. Subsequently, Bala kindly agreed to donate it to the ISO27k Toolkit. Apart from minor updates and reformatting, it is essentially unchanged. We are very grateful for Bala's input.

    Contents

    The FMEA Sample tab has the actual illustration - an analysis of possible failure modes for a firewall.
    The Guidelines provide additional notes on the FMEA method, including a step-by-step process outline.
    The Severity, Probability and Detectability tabs have tables demonstrating scales commonly used to rank risks by these criteria.

    Disclaimer

    Risk analysis is more art than science. Don't be fooled by the numbers and formulae: the results are heavily influenced by the accuracy of the users' assessment of risk factors, on the definition of information assets and on the framing of risks being considered. For these reasons, the process is best conducted by a team of people with solid expertise and practical experience of (a) assessing and managing information security risks, and (b) the organization, its internal and external situation with respect to information security. Don't expect to get definitive answers from anyone. It is impossible to guarantee that all risks have been considered and analyzed correctly. Some very experienced practitioners in this field claim that all risk analysis is basically bunkum, and we have some sympathy with that viewpoint.
    The results of the analysis should certainly be reviewed by management (ideally including IT auditors, Legal, HR, other support functions and/or information security consultants) and may be adjusted according to their experience, so long as the expert views are taken into consideration. Remember: just because the organization has little if any experience of a particular information security risk does not necessarily mean that it can be discounted. Organizations with immature security management processes and systems may have significant ongoing security incidents that are not even recognized, due to inadequate incident detection and reporting processes.

    Attached Files:
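
An added example, not part of the post or of the ISO27k spreadsheet: it ranks firewall failure modes by the conventional FMEA Risk Priority Number (severity x probability x detectability) and then shows which rankings would flip if each assessor score were off by one point, which is the sensitivity the disclaimer warns about. The failure modes, their scores, the 1-10 scales and the convention that a higher detectability score means harder to detect are assumptions made for illustration.

```python
# Constructed sample: firewall failure modes scored as
# (severity, probability, detectability) on assumed 1-10 scales.
# A higher detectability score means the failure is harder to detect.
FAILURE_MODES = {
    "Overly permissive rule left in place": (8, 6, 7),
    "Firmware not patched": (9, 4, 5),
    "Logging disabled or logs not reviewed": (6, 5, 9),
    "Hardware failure, no failover": (7, 2, 2),
}

def rpn(s, p, d):
    """Risk Priority Number: the conventional FMEA product S x P x D."""
    for v in (s, p, d):
        if not 1 <= v <= 10:
            raise ValueError(f"score {v} is outside the assumed 1-10 scale")
    return s * p * d

def rpn_range(scores, tol=1):
    """Lowest and highest RPN if every score may be off by up to `tol`."""
    lo = [max(1, v - tol) for v in scores]
    hi = [min(10, v + tol) for v in scores]
    return rpn(*lo), rpn(*hi)

def ranked(modes):
    """Failure modes ordered from highest to lowest RPN."""
    return sorted(modes, key=lambda m: rpn(*modes[m]), reverse=True)

def unstable_pairs(modes, tol=1):
    """Pairs whose relative order could flip within the scoring tolerance."""
    order = ranked(modes)
    flips = []
    for i, higher in enumerate(order):
        higher_lo, _ = rpn_range(modes[higher], tol)
        for lower in order[i + 1:]:
            _, lower_hi = rpn_range(modes[lower], tol)
            if lower_hi >= higher_lo:  # ranges overlap: order is not robust
                flips.append((higher, lower))
    return flips

if __name__ == "__main__":
    for mode in ranked(FAILURE_MODES):
        lo, hi = rpn_range(FAILURE_MODES[mode])
        print(f"{rpn(*FAILURE_MODES[mode]):4d}  [{lo:3d}..{hi:3d}]  {mode}")
    for a, b in unstable_pairs(FAILURE_MODES):
        print(f"order not robust: {a!r} vs {b!r}")
```
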

  2. Abdulkadir. İSGforum Member

    Expertise Class:
    Class C Expert