megavideolinks
Joined: 18 Nov 2011 Posts: 63
Posted: Sun Nov 20, 2011 7:46 am Post subject: Identifying Security Threats
There are two ways to approach the identification of threats. One way is to consider all possible threats, then determine if they apply to the assets to be protected. The other way is to examine the assets and consider how they might be threatened.
The objective is to get a short list that is sufficient to base the strategy on. To do this, using either method, it is useful to consider classifications rather than specific individual items.
Consider Common Threats
For example, to assess threats, consider the common threats: people, software, and natural disaster. Consider the effect on an asset. A person could disclose data. A software program could destroy data. There are lists available of some common threats to organizations (e.g., from the RCMP or DHS) that help in this task.
Review Properties
To assess assets, consider their properties: availability, integrity, and confidentiality. Classify threats that may affect these properties: destruction, interruption, removal or loss, disclosure, and corruption. For each asset, identify its property that may be affected by a class of threat. For example, a server's availability would be threatened by destruction, or removal, or loss.
Use a cost exposure matrix to value the impact. Calculate a probability of the occurrence of the threat.
_______________
oras
Finance Recruitment
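The asset-first procedure from the post above (classify threats by the property they affect, value the impact in a cost exposure matrix, attach a probability) as an added example that is not part of the original post. The asset names, dollar costs and yearly probabilities are constructed, and two things are assumptions: the mapping of interruption, disclosure and corruption to a property, and ranking by cost times probability.

```python
from itertools import product

# Threat classes named in the post, mapped to the asset property each affects.
# The post states destruction/removal/loss -> availability; the rest is assumed.
CLASS_TO_PROPERTY = {
    "destruction": "availability",
    "interruption": "availability",
    "removal or loss": "availability",
    "disclosure": "confidentiality",
    "corruption": "integrity",
}

# Constructed sample data: cost in dollars if that property of the asset is lost.
ASSET_IMPACT = {
    "file server": {"availability": 40_000, "integrity": 15_000, "confidentiality": 5_000},
    "customer database": {"availability": 20_000, "integrity": 60_000, "confidentiality": 120_000},
}

# Constructed yearly probabilities; a missing pair means the class does not apply.
PROBABILITY = {
    ("file server", "destruction"): 0.02,
    ("file server", "interruption"): 0.30,
    ("customer database", "disclosure"): 0.05,
    ("customer database", "corruption"): 0.08,
    ("customer database", "removal or loss"): 0.01,
}

def exposure_matrix(impact, probability):
    """Return rows of (asset, threat class, property, cost, probability, exposure)."""
    rows = []
    for asset, threat in product(impact, CLASS_TO_PROPERTY):
        p = probability.get((asset, threat))
        if p is None:
            continue  # threat class judged not applicable to this asset
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range for {asset}/{threat}: {p}")
        prop = CLASS_TO_PROPERTY[threat]
        rows.append((asset, threat, prop, impact[asset][prop], p, impact[asset][prop] * p))
    return rows

def short_list(rows, top=3):
    """Rank rows by expected exposure, highest first, and keep the top entries."""
    return sorted(rows, key=lambda r: r[5], reverse=True)[:top]

if __name__ == "__main__":
    for asset, threat, prop, cost, p, exp in short_list(exposure_matrix(ASSET_IMPACT, PROBABILITY)):
        print(f"{asset:18} {threat:16} {prop:15} {cost:>8} x {p:.2f} = {exp:>9.2f}")
```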