
Assessing Information Security: Strategies, tactics, logic and framework by Andriej Michajlowski, Konstantin Gavrilenko, Andrew Vladimirov


CHAPTER 6: SYNTHETIC EVALUATION OF RISKS

‘What is required of an officer is a certain power of discrimination, which only knowledge of men and things and good judgement can give. The law of probability must be his guide.’ Carl von Clausewitz

Discovering and evaluating vulnerabilities and gaps without a thorough analysis of the risks they introduce is as good as doing recon without using its results. In fact, for the risk analysis phase, all previous security audit stages are nothing more than the necessary reconnaissance. One of the fundamental principles of Chapter 1 states that ‘information security assessment always operates with probabilities’. Gauging these probabilities is a fine science and art that has to be fully mastered by at least ...
