Understanding Risk Management
The first key principle of security is that no network is completely secure—information security is really about risk management. In the most basic of terms, the more important the asset is and the more it is exposed to security threats, the more resources you should put into securing it. Thus, it is imperative that you understand how to evaluate an asset’s value, the threats to an asset, and the appropriate security measures. In general, without training, administrators respond to a security threat in one of three ways:
Ignore the threat, or acknowledge it but do nothing to prevent it from occurring.
Address the threat in an ad hoc fashion.
Attempt to completely secure all assets to the utmost degree, without regard ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.