1.2 Assessing Risks

The simplest way to address a security problem is the rule-based approach. Well-known risks often imply one or more specific security measures, often from a checklist. To defend against thieves walking through an open door, we put a lock on the door and keep it locked.

Alice can’t leave her shop door locked during working hours. It remains unlocked so that customers may enter and leave. She must stay in the shop herself to help customers and to foil shoplifters or other thieves. If she needs a quick break, she closes the shop, locks the door, and leaves a sign saying “Back in 10 minutes.”

Alice didn’t perform a detailed risk assessment to arrive at this conclusion. She recognized the risks from her own shopping experiences ...

Get Elementary Information Security, 3rd Edition now with the O’Reilly learning platform.
