CHAPTER 6: SYNTHETIC EVALUATION OF RISKS

‘What is required of an officer is a certain power of discrimination, which only knowledge of men and things and good judgement can give. The law of probability must be his guide.’ Carl von Clausewitz

Discovering and evaluating vulnerabilities and gaps without a thorough analysis of the risks they introduce is as pointless as doing reconnaissance without using its results. In fact, from the standpoint of the risk analysis phase, all previous security audit stages are nothing more than the necessary reconnaissance. One of the fundamental principles of chapter 1 states that ‘information security assessment always operates with probabilities’. Gauging these probabilities is a fine science and art that has to be fully mastered by at least ...

Get Assessing Information Security: Strategies, tactics, logic and framework now with the O’Reilly learning platform.