Chapter 2. Managing Risk: Threats, Vulnerabilities, and Exploits

A key step when managing risks is to first understand and manage the source. This includes threats and vulnerabilities, and especially threat/vulnerability pairs. Once you understand these elements, it's much easier to identify mitigation techniques. Exploits are a special type of threat/vulnerability pair that often includes buffer overflow attacks.

Fortunately, the U.S. federal government has initiated several steps to help protect IT resources. The National Institute of Standards and Technology has done a lot of research on risk management. The results of this research are freely available in the form of Special Publications. Additionally, the Department of Homeland Security oversees ...
