VII
Contents
Pr e f a c e xv
a
c k n o w l e d g m e n t s xvii
a
b o u t t h e au t h o r xix
1c
h a P t e r In t r o d u c t I o n 1
1.1 e Role of Risk Management 1
1.2 Origins of VM 2
1.3 Introducing the Security Industry and Its Flaws 3
1.4 Challenges from Government and Industry 4
1.5 Sources of Vulnerabilities 5
1.6 Example of Flawed VM 5
1.7 Why VM Is Important 6
2c
h a P t e r th e Vu l n e r a b I l I t y ex P e r I e n c e 9
2.1 Introduction 9
2.2 e Vulnerability Creation Process 9
2.2.1 Complexity 11
2.2.2 Communication 12
2.2.3 Interoperability 13
2.3 Creating Vulnerabilities: An Example 14
2.4 Rationale for a VM Program 17
2.4.1 Overexposed Network 17
2.4.2 No Standard for Secure Systems
Configuration
18