Generally Accepted System Security Principles
P-8 Reassessment Principle
Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved
P-8 Reassessment Principle--The security of information systems
should be reassessed periodically.
Information systems and the requirements for their security vary
over time. One of six events may trigger the need for an information
system to be reassessed:
- a significant change to the information system
- a significant change to the threat population
- a significant change to available safeguards
- a significant change in the users
- a significant change in the potential loss of the system
- a reasonable length of time (related to the potential for loss
of the information system) has elapsed such that accumulated
change may be significant.