There is much debate in the
information security
world regarding the proper definition of security. I have seen dozens of
definitions over the years, but I feel the following option most completely
and succinctly captures it.
There are a few things I like about this definition.
-
Process. i.e. it doesn’t end.
-
Acceptable. This alludes to the fact that the organization’s upper management
decides—based on the entity’s goals as a whole—how much risk to take on.
The crucial piece here is that
this isn’t for security professionals to decide. -
Perceived. In short, “you don’t know what you don’t know”. And this is where
security professionals come in. Their entire job is to ensure that
management is making informed decisions.
Risk
As we all know, it’s not a good idea to use words with disputed definitions
as part of another definition. And since
risk
is one such word, I’ll clarify briefly how I define risk.
In general, I prefer NIST’s description from NIST Publication SP 800-30:
This reveals a few primary components: likelihood, threat-source,
vulnerability, and impact. The word “function” used in the definition is
pivotal; it reveals that if any of the values increase or decrease, the
total risk does as well. I also prefer to add asset value to the equation,
and this is a popular choice.
Ultimately, however, the definition of risk can be reduced to a much more
usable, less academic form, and this is the way you are going to be most
successful communicating it with those who are not security professionals.
So when should you use one definition vs. the other? In general, use the
simple version. Getting entangled in the infinite number of ways risk can be
calculated is something to avoid. It drains time and rarely accomplishes
anything when broken down much farther than is described above.
Summary
So, written out (i.e. without the word “risk”) we arrive at:
…and once again, in it’s more succinct and elegant form:
Links
[
Security | wikipedia.org
][
NIST Publication 800-30 | nist.org
][
Risk, Threat and Vulnerability | taosecurity.blogspot.com
]
Ultimate Me: Unlock Your Ultimate Potential & Energy HealingIntelligence,Skills Development 
NLSC: SENIOR THREE AGRICULTUREAgriculture,New Lower Secondary Curriculum,Ordinary Secondary 
NLSC: SENIOR THREE CHEMISTRY
NLSC: SENIOR THREE GENERAL SCIENCENew Lower Secondary Curriculum,Ordinary Secondary,Sciences 
NLSC: SENIOR THREE NUTRITION AND FOOD TECHNOLOGYFood and Nutrition,New Lower Secondary Curriculum,Ordinary Secondary
Opul BonnyzQUESTION 2- colline mwangaENG/P/7: RIGHTS, RESPONSIBILITIES AND FREEDOM
- Aheebwa JosephDP: Digital Pedagoggy Assignment7
- Aheebwa JosephDP: Digital Pedagogy Assignment5
- Aheebwa JosephDP: Digital Pedagogy Assignment4
- Aheebwa JosephDP: Digital Pedagogy Assignment2
- Aheebwa JosephDP: Digital Pedagogy Final Project
SENIOR FIVE SUB ICT END OF YEAR EXAM ONE 2023
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
English
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sundanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
0 responses on "Apple vs. AT&T"