The present invention relates to a process-based security risk evaluation method which minimizes a risk blind spot of an existing methodology through process-based risk evaluation and enables analysis and management for various risk factors entangled with a business process which is either unpredictable or overlooked in order to overcome a problem of fixed risk management for a problem of an existing asset-based risk evaluation method which is based on assets. The process-based security risk evaluation method comprises a first step of defining a process; a second step of analyzing a risk of the process; a third step of evaluating the risk of the process; and a fourth step of establishing an improvement plan.;COPYRIGHT KIPO 2018
展开▼