Security Risk Assessment Project Management ◾ 419
© 2011 by Taylor & Francis Group, LLC
• Skill. An information security professional must also have the skill to determine all the
possible vulnerabilities of your system and to provide recommendations for how to miti-
gate your overall security risk. These consultants must be knowledgeable in all domains
of information security, as security will often break at the weakest link.
Hackers are much like cat burglars, or any career criminal; they have a certain tech-
nique or approach to breaking into systems that they use again and again. This approach
is often referred to as their modus operandi or MO. A cat burglar who breaks into homes
knows one or two tricks for breaking in. For example, ...