We evaluate risks according to a formula

The first thing a regulated entity should expect as part of this obligation is having to establish a methodology for identifying and assessing risks, and with it the criteria for the acceptability of these risks. Appendix No. of the decree can help with this: it introduces a mathematical function for quantifying the risk value, into which the asset value, threat and vulnerability are inserted as variables.
NÚKIB proposes to multiply these "quantities" together, i.e. the level of risk would then be equal to the value of the asset × threat × vulnerability. However, it is not strictly necessary to choose this formula. It is even possible to resort to a completely different method of risk management, provided that "the same or a higher process is ensured".

The obliged entity thus has a fairly free choice: either follow the procedure according to the decree and calculate in the described manner what is at risk to the assets it manages, or choose its own, novel method, with the risk that if NÚKIB evaluates it as a method ensuring a lower level of risk management, the regulated entity will contribute a fine to the state budget for its novelty.

Scored scales are used

Therefore, it can only be recommended to stick to the procedure in Annex No. of the decree.