Basic Elements of Risk Management


There are three basic goals of computer security, summarized by the acronym CIA. Keep in mind we are not talking about the intelligence agency with the same acronym, but rather the three goals of computer security: protect the confidentiality, integrity, and/or availability of a computing asset. The goal of confidentiality is to prevent disclosure of information to unauthorized parties. Integrity is the goal of ensuring that the information or asset has not been tampered with, and availability is exactly what it sounds like: the goal of making sure that the information or asset is available to the parties that need access when they need access.

For any given asset, one or more of these goals might be more important than the others, and the extent to which that goal is achieved is entirely unique to that asset. What is secure enough for one system might not be for another. One simple example is to ask yourself if your home is secure enough. For some, simple locks will suffice for their assets and the threats they feel their home may be exposed to; for others, an alarm system, dead bolts, and iron bars are sufficient. The point here is that the goals are always going to be different for each asset you choose to protect, as will the methods and the extent to which you protect that system.

Keep this in mind when evaluating your risk management processes. It will help to focus your efforts on those elements of your plan that will accomplish your goals in a customized manner for each asset.



    Troubleshooting Linux Firewalls
    ISBN: 321227239
    Year: 2004
    Pages: 169
