7.1 Assessing Risks

In this chapter, we will do a little midway review of some important concepts and then delve more into administrative security functions, including using risk assessments and risk management frameworks. We have covered some classes of attacks and some specific examples, and we know that attacks can be asymmetrical and seemingly disjoint or orthogonal. However, let’s consider this question: who could have predicted that a DDoS would be combined with a disinformation campaign as in the opening scenario? In hindsight, it makes sense, but no one had published any threat models that showed those attack vectors used in concert. Risk assessment frameworks are available to identify basic (but not specific) threat risks. Risk management, ...

Get Information Security Management, 2nd Edition now with the O’Reilly learning platform.