Network Vulnerability Assessment Methodology 73
Risk Aversion
Network vulnerability assessment and the formation of security-related plans
do not result in risk-free systems. Perfect security and integrity are unattainable.
People build and operate the technology used in systems; the inevitable result
is errors and oversights. An organization cannot even approach zero risk;
rather, it needs to find the balance between acceptable cost and acceptable
risk that has been defined as practical and appropriate for this organization
to meet its business needs.
Business Impact Analysis (BIA)
The principal objective of the business impact analysis (BIA) is to determine
the effect of mission-critical information system failures on the viability and
operations of enterprise ...