
Chapter 14. Security > Analyzing Risk

Analyzing Risk

Part of designing an appropriate security policy is determining what level of protection is warranted against what kinds of threats. A bank, for example, faces different risks than a homeowner, and the bank is therefore willing to pay more to protect itself against those risks. Many choices in computer security are determined by how much the security measures cost (in terms of money, performance, or inconvenience). Without a good understanding of the benefits of particular security measures, it is impossible to evaluate the choices from a business point of view. In this section, we look at how to analyze computer security risks and evaluate means of reducing those risks.

Adversaries

The first step is to “know thy enemy.” People often begin by focusing on types of attacks and the ensuing damage, but the means of attack are merely tools. A determined attacker, for example, may be willing to work very hard to penetrate a system, whereas a casual attacker may give up easily. Both may try the same kinds of attacks, but the persistence of the attacker can make a big difference. Hence, it is important to ask the following questions.

