No, the issue of information network security after 1995 is "risk management". Risk management refers to a management method that through understanding, measuring and analyzing risks, choosing the most effective way, proactively, purposefully and plannedly handling risks, and striving to obtain maximum safety guarantee at minimum cost.
Risk Management(Risk Management) refers to how to minimize risks in a project or enterprise in an environment that is definitely risky. management process.
Risk management refers to a management method that selects the most effective way to proactively, purposefully and plannedly handle risks through the understanding, measurement and analysis of risks, and strives to obtain maximum safety guarantee at minimum cost. .
When enterprises face market opening, regulatory lifting, and product innovation, the degree of change and volatility will increase, and the risks of operations will also increase. Good risk management can help reduce the probability of decision-making errors, avoid the possibility of losses, and relatively increase the added value of the enterprise itself.
Goals of risk management
Risk management is a purposeful management activity. Only when the goal is clear can it play an effective role. Otherwise, risk management will become a mere formality, without practical significance, and its effectiveness cannot be evaluated.
The goal of risk management is to obtain maximum security at the minimum cost. Therefore, it is not only a safety production issue, but also includes risk identification, risk assessment and risk management, involving finance, safety, production, equipment, logistics, technology and other aspects. It is a complete solution and a systematic project. .
The determination of risk management objectives generally must meet the following basic requirements:
(1) The risk management objectives are consistent with the overall objectives of the risk management entity (such as a production enterprise or the owner of a construction project) sex.
(2) The reality of the goal, that is, when determining the goal, the objective possibility of its realization must be fully considered.
(3) Clarity of goals, that is, using the correct selection and implementation of various plans, and objectively evaluating their effects.
(4) The hierarchy of goals, starting from the overall goal, and distinguishing the priority of risk management goals according to the importance of the goal, in order to improve the comprehensive effect of risk management.
The specific goals of risk management also need to be linked to the occurrence of risk events. From another perspective, it can be divided into two types: pre-loss goals and post-loss goals.
(1) Pre-loss target
①Economic target. Enterprises should prevent potential losses in the most economical way, that is, before risk accidents actually occur, the entire risk management plan, program and measures must be the most economical and reasonable, which requires the cost of safety plans, insurance and loss prevention technology Perform accurate analysis.
②Security status goal. The security posture goal is to control risks within an acceptable range. Risk managers must make people aware of the existence of risks rather than concealing risks. This will help people improve their safety awareness, prevent risks and proactively cooperate with the implementation of risk management plans.
③Legitimacy goal. Risk managers must pay close attention to various laws and regulations related to operations, and examine the legality of every business behavior and every contract, so as not to cause the company to suffer losses in finance, talent, time, and reputation, and to ensure that the company The legality of production and business activities.
④ Fulfill the corporate responsibility goals assigned by the outside world. For example, government regulations can require a business to install safety features to prevent workplace injuries, and similarly a business's creditors can require that collateral for a loan be insured.
(2) After-damage goal
①Survival goal. Once a risk event unfortunately occurs and causes losses to the enterprise, the most basic and main goal of risk management after the loss is to maintain survival. Achieving this goal means that through risk management, people have sufficient disaster resistance and disaster relief capabilities, so that enterprises, individuals, families, and even the entire society can withstand losses and not be severely damaged by natural disasters or accidents. , depressed. Achieving the goal of maintaining survival is the prerequisite for disaster risk entities to be able to partially resume production or operations within a reasonable period of time after a loss occurs.
② Maintain the continuity goal of enterprise production and operation. The occurrence of risk events has brought varying degrees of losses and harm to people, affecting normal production and business activities and people's normal lives. In severe cases, production and life can be paralyzed. It is particularly important for public utilities, which are obliged to provide uninterrupted services.
③Income stability target. Maintaining the continuity of business operations can achieve the goal of stable income. target, so that the enterprise's special production can continue to grow. For most investors, a company with stable earnings is more attractive than a high-risk company. Stable earnings mean the normal development of the enterprise. In order to achieve the goal of stable earnings, the enterprise must increase risk management expenditures.
④Social responsibility goals. Minimize the adverse impact of corporate losses on others and society as a whole, because a serious loss to a company will affect the interests of employees, customers, suppliers, creditors, tax authorities and even the entire society. In order to achieve the above goals, risk managers must identify risks, analyze risks and select appropriate methods and measures to deal with risk losses.
If you want to read more related articles, please visitPHP Chinese website! !
The above is the detailed content of After 1995, the issue of information network security is access control, right?. For more information, please follow other related articles on the PHP Chinese website!