This document describes the basic concepts of information security risk assessment, the relationship between risk elements, risk analysis principles, risk assessment implementation process and assessment methods, as well as the implementation points and work forms of risk assessment at different stages of the information system life cycle. This document is applicable to all types of organizations carrying out information security risk assessment work.
GB/T 20984-2022 Referenced Documents
GB/T 25069 Information security techniques—Terminology
GB/T 33132-2016 Information security technology—Guide of implementation for information security risk treatment
GB/T 20984-2022 history
2022: GB/T 20984-2022 Information security technology—Risk assessment method for information security
2007: GB/T 20984-2007 Information Security Technology Information Security Risk Assessment Specification