Method of analysis of data-processing risks optimized by level

The method of analysis of data-processing risks optimized by level ( Marion ) is a method of audit, suggested since 1983 by CLUSIF, aiming at evaluating the data-processing security level of a company. The objective is double:

  1. to locate the audited company compared to a level considered to be correct, and the level reached by the similar companies
  2. to identify the threats and vulnerabilities to be countered.

Principles

Six topics

The analysis is articulated in 6 broad topics:
  1. organisational safety
  2. physical safety
  3. the continuity of service
  4. the data-processing organization
  5. logical safety and the exploitation
  6. the safety of the
applications

Twenty-seven indicators

The indicators, distributed in these 6 topics, will be evaluated, and developed on a scale of 0 (very unsatisfactory) to 4 (very satisfactory), level 3 being the level considered to be correct. Each indicator is affected of a weight according to its importance.

Seventeen types of threats

  1. physical Accidents
  2. physical Malveillance
  3. Panne of IF
  4. Deficiency of personnel
  5. Deficiency of person receiving benefits
  6. Interruption of operation of the network
  7. Error of seizure
  8. Error of transmission
  9. Error of exploitation
  10. Error of design/development
  11. Latent defect of a software package
  12. Embezzlement
  13. Diversion of goods
  14. illicit Copy of software
  15. Indiscretion/diversion of information
  16. immaterial Sabotage
  17. logical Attack of the network

Phases

Evolution

Method MARION did not evolve/move any more since 1998. The CLUSIF proposes from now on a harmonized Méthode of analysis of the risks (Méhari) which one can think that it will replace MARION.

Appendices

See too

Random links:Jean-Christophe Averty | History of Libya | Karavukovo | Mislayings of the heart and the spirit | Jakob Maria Mierscheid | Dynastie_de_Buyid