Chapter 4: Threats and Risk Assessment


Overview

"You can go a long way with a smile. You can go a lot farther with a smile and a gun."

Attributed to Al Capone

Risk and threat assessment is something humans are notoriously bad at. Examples abound: try asking 10 of your coworkers whether it's more dangerous to fly or drive from Seattle to Toledo and see how many of them correctly identify air travel as less risky. Then ask the same group whether the risk of dying in a commercial airline crash is greater or less than the risk of being struck by lightning. Sometimes our inability to properly assess risks is based on a lack of solid objective data about what the risks are, and sometimes the cause is an unwillingness or inability to fully evaluate the threat and the corresponding risks.

This chapter helps you begin to understand the process of threat and risk assessment. This is normally the domain of skilled security practitioners, and you won't necessarily be able to completely evaluate your messaging system risks when you're done reading this book. However, you will be much better prepared to understand what risks you actually face (as opposed to the ones you think will give you trouble), and you'll have a better understanding of how to go about mitigating them.

First, a brief vocabulary lesson. A threat is something bad that can happen. Common threats include virus attacks, internal or external network penetrations, theft of data, eavesdropping, and server failure. A risk is the product of two things: the likelihood that a particular threat will occur and the expected damage if it does. For example, the risk of having my car stolen from the airport parking lot is low. The theft is the threat; it's pretty unlikely, and my personal risk is low because my auto insurance will replace the car if it's stolen; I've essentially transferred that risk to someone else. On the other hand, the risk that I'll have to wash my car when I return home is high. The threat (mostly posed by bird droppings) is likely to occur (that is, birds are very likely to fly around and over the car), and the expected effect (that is, bird droppings on the sunroof) is predictable. Professional risk assessors also factor in the frequency of the threat; something that is guaranteed to happen every year and causes moderate damage might be a bigger risk than something that might only happen every 50 years but causes more damage. For a real-world perspective on risks and frequency, consider the likelihood and expected damage caused by mudslides and earthquakes in California, wildfires in the western United States, hurricanes in the Carolinas or Florida, and tornadoes in Kansas and northern Alabama.

Although statistical risk assessment is a rigorous process that requires a disciplined approach, you can do your own risk assessments. For every risk you identify, you need to do one of four things:

  • Avoid the risk. This is the simplest (and often the least feasible) approach. If something seems risky, don't do it. If you're worried about e-mail-borne viruses, you can disconnect your servers from the Internet, a measure that would give you pretty good protection, if not good communications. If you're concerned about hackers attacking your factory-floor control systems through your Internet connection, you might choose to isolate them on a self-contained internal network with no direct or indirect connectivity to other networks.

  • Mitigate the risk. You can do this by either reducing the loss associated with a particular threat or eliminating (or lessening) the threat itself. Installing a good-quality antivirus product on your workstations and servers would mitigate the risk of a virus infection; using covered parking at the airport would mitigate the risk of a bird-dropping attack.

  • Transfer the risk to someone else. That's what insurance does: you pay someone to assume the risk of loss for you. You generally can't buy computer-security insurance (although some types of business insurance cover the cost of recovering data and operations after an attempted or successful penetration), but you can use a variety of outsourced services that assume some degree of operational or security risk if you feel it worthwhile.

  • Accept the risk. Some risks are either so unlikely, or so hard to avoid, mitigate, or transfer, that you're stuck with them. Most of us accept some risks by default. If you're worried about the risks of auto accidents, you could quit driving, thus eliminating your personal risk. You could insist on riding around in armored cars, an inconvenient but effective way to drastically lessen the risk of getting hurt in a car crash. In a more practical vein, you might choose to mitigate the risk by choosing safer vehicles or by driving less. Most people ultimately accept the fact that there's some degree of risk every time they get behind the wheel. Once you've done everything you can to reduce, remove, or redirect the risk, you have to accept the degree of risk that's left over. You must be very careful to ensure that you have explicitly identified the risks that you're accepting as part of your messaging security environment.
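The following sketch is an added example, not part of the book: a small risk register that scores each threat as likelihood times expected damage on a yearly basis, applies one of the four treatments, and lists whatever is left over so that it is accepted explicitly. The threat names echo the chapter; every figure, the `Risk` class, and the `remaining_fraction` parameter are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    threat: str
    years_between_events: float      # frequency: one occurrence expected every N years
    damage_per_event: float          # expected damage per occurrence (currency units)
    treatment: str = "accept"        # avoid | mitigate | transfer | accept
    remaining_fraction: float = 1.0  # assumed share of the loss still yours after treatment

    def inherent(self) -> float:
        """Yearly risk before treatment: likelihood x expected damage."""
        return round(self.damage_per_event / self.years_between_events, 2)

    def residual(self) -> float:
        """Yearly risk left over after treatment."""
        if self.treatment == "avoid":
            return 0.0
        if self.treatment == "accept":
            return self.inherent()
        if self.treatment in ("mitigate", "transfer"):
            return round(self.inherent() * self.remaining_fraction, 2)
        raise ValueError(f"unknown treatment: {self.treatment!r}")

# Constructed sample figures, for illustration only.
SAMPLE = [
    Risk("e-mail-borne virus outbreak", 1, 20_000, "mitigate", 0.2),
    Risk("server failure with data loss", 50, 500_000, "transfer", 0.1),
    Risk("eavesdropping on mail in transit", 10, 50_000, "accept"),
    Risk("attack on factory-floor control systems", 20, 1_000_000, "avoid"),
]

def ranked(risks):
    """Highest inherent yearly risk first."""
    return sorted(risks, key=lambda r: r.inherent(), reverse=True)

def accepted_register(risks):
    """Every risk with something left over, listed so it is accepted on purpose."""
    return [(r.threat, r.treatment, r.residual())
            for r in ranked(risks) if r.residual() > 0]

if __name__ == "__main__":
    for r in ranked(SAMPLE):
        print(f"{r.threat:40} inherent {r.inherent():>9.2f}  "
              f"{r.treatment:8} residual {r.residual():>9.2f}")
    print("explicitly accepted:", accepted_register(SAMPLE))
```

With these figures the yearly virus outbreak outranks the once-in-50-years server failure even though the failure costs 25 times as much per event, which is the frequency effect described in the vocabulary lesson above.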




Secure Messaging with Microsoft Exchange Server 2003
ISBN: 0735619905
EAN: 2147483647
Year: 2004
Pages: 189
