1.3 Identifying Risks

To identify risks, we look at threat agents and attacks: who attacks our assets and how the attacks might take place. We might also have information about vulnerabilities and defenses, but for now we use it only as extra information to help identify plausible attacks. For example, we might keep valuable articles in a room, like an office or storage locker. We need to identify threat agents and attacks that affect the assets stored in that room.

Based on news reports, stories, and personal experience, most of us should be able to identify threat agents and attacks. Here are examples of threat agents, attacks, and risks associated with a store’s computer equipment:

  • Threat agents—thieves and vandals

  • Attacks—theft, ...

Get Elementary Information Security, 3rd Edition now with the O’Reilly learning platform.