Understanding Risk

Risk is unavoidable. You can’t eliminate it. However, it’s possible to minimize risk by first understanding it and then taking steps to mitigate it.

Minimizing risk is also known as risk mitigation.

For example, every time you step into a street, you run the risk of being hit by a car. The real threat of a car colliding with your body, and your body’s vulnerability to this collision, convince you to take steps to reduce the risk. Unless you’re Superman, you can’t stop the threat. If the car is coming, it’s coming. But you can minimize the risk by using crosswalks and looking for approaching cars before stepping into the street.

Similarly, risks are reduced in IT networks by taking steps to reduce the vulnerabilities. Consider ...
