Your goal is to reduce the risk of vulnerabilities being exploited to an acceptable level.
Your goal is to mitigate the risks of exploiting vulnerabilities to an acceptable level.
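You need to manage the risk that each threat will exploit one or more vulnerabilities, and use reasonable alternative methods to reduce that risk to an acceptable level.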
You need to manage risks that each threat will exploit one or more vulnerabilities and to mitigate risks to acceptable levels with cost-effective countermeasures.
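This is a balancing measure, agility versus discipline: you simply move as far left on the continuum as possible without raising project risk to an unacceptable level.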
This is a balancing act — agility against discipline as you move as far left as possible on the continuum without increasing project risk to an unacceptable level.
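Once you have these answers, determine which security controls the service provider cannot supply, so that high- and medium-level risks are brought down to an acceptable range.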
After you get the answers, determine which security controls the provider cannot provide to mitigate the high and medium risks to more acceptable levels.
They should recommend only those controls that can reduce significant risk levels to an acceptable degree or manage significant risks well.
They should only suggest that controls are improved if they consider that there are significant risks that are not currently being adequately managed or being reduced to an acceptable level.
How large is the acceptable degree of risk?