Chapter 4

Risk Management

Abstract

Security is unattainable. What security programs are trying to achieve is risk management. In other words, they are trying to cost-effectively control the potential loss. Risk is a combination of value, threat, vulnerability, and countermeasures. Traditionally, a security program strives to implement countermeasures that primarily mitigate the vulnerabilities that, if exploited, will create a loss of value.

This chapter categorizes the factors that contribute to, and mitigate, risk. The goal is not to get rid of all risk, as that is not practical, but to optimize the risk, given the potential loss and available resources.

Keywords

Countermeasures; Malicious; Malignant; Risk; Threat; Vulnerability; Value