security plan, 493
policy, 493
requirement, 495
constraint, 495
control, 495
requirement qualities:
  correctness, 496
  consistency, 496
  realism, 496
  need, 496
  verifiability, 496
  traceability, 496
schedule, 497
plan review, 498
plan timetable, 498
security planning team, 499
management commitment to security plan, 499
business continuity plan, 500
incident response plan, 503
risk analysis, 506
risk impact, 506
problem, 506
avoided risk, 506
transferred risk, 506
assumed risk, 506
risk leverage, 507
assets:
  hardware, 509
  software, 509
  data, 509
  documentation, 509
  supplies, 509
  infrastructure, 509
  human assets, 509
hazard and operability studies (HAZOP), 510
fault tree analysis (FTA), 510
failure modes and effects analysis (FMEA), 510
attributes contributing to vulnerabilities:
  singularity, 513
  separability, 513
  logic errors, 513
  design sensitivity, 513
  unrecoverability, 513
  behavioral sensitivity, 513
  malevolence, 513
  rigidity, 513
  malleability, 513
  gullibility, 513
  complacency, 513
  corruptibility, 513
  accessibility, 513
  difficulty to control, 513
  unpredictability, 513
  predictability, 513
likelihood of exploitation, 515
classical probability, 516
frequency probability, 516
subjective probability, 516
Delphi method, 516
annual loss expectation (ALE), 517
cost/benefit analysis, 525
risk calculation, 525
organizational security policy:
  purpose, 529
  beneficiaries, 530
  users, 530
  owners, 530
  balancing interest, 530
policy contents, 531
policy characteristics:
  coverage, 532
  durability, 532
  realism, 532
  usefulness, 532
physical security, 538
natural disaster, 538
fire, 539
power loss, 540
uninterruptible power supply, 540
surge suppressor, 540
drop, 541
spike, 541
surge, 541
intruder, 541
theft prevention, 541
theft detection, 543
disposal of sensitive information, 543
shredder, 544
degausser, 544
emanations, 544
Tempest, 544
backup, 546
complete backup, 546
revolving backup, 546
selective backup, 546
offsite backup, 546
cold disaster recovery site, 547
hot disaster recovery site, 547
networked storage device, 547