1.2 Assessing Risks

The simplest way to address a security problem is the rule-based approach. Well-known risks often imply one or more specific security measures, often from a checklist. To defend against thieves walking through an open door, we put a lock on the door and keep it locked.

Alice can’t leave her shop door locked during working hours. It remains unlocked so that customers may enter and leave. She must stay in the shop herself to help customers and to foil shoplifters or other thieves. If she needs a quick break, she closes the shop, locks the door, and leaves a sign saying “Back in 10 minutes.”

Alice didn’t perform a detailed risk assessment to arrive at this conclusion. She recognized the risks from her own shopping experiences ...
