The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > Security > IT Security RSS
Treating risks Treating risks
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read


More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
TRAP treating big123456 Shell Programming and Scripting 2 04-27-2008 01:46 AM
The Top Information Security Risks for 2008 iBot Complex Event Processing RSS News 0 01-15-2008 10:20 AM
Treating bzip2 files as text files ShawnMilo Shell Programming and Scripting 1 06-15-2007 02:16 PM
treating special chars braindrain Shell Programming and Scripting 1 06-02-2007 01:52 PM
chmod 777 security risks? Gary777 UNIX for Dummies Questions & Answers 6 11-23-2006 11:42 AM

Reply
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Bulgarian Greek Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
  #1 (permalink)  
Old 07-27-2009
iBot's Avatar
iBot iBot is offline
Forum Robot Girl
  
 

Join Date: Sep 2000
Posts: 22,203
Treating risks
Convention has it that there are just four ways of "treating" risks:

  1. Mitigate the risk, typically by reducing the associated threat, vulnerability and/or impact.
  2. Avoid the risk by not doing something risky.
  3. Transfer the risk, for example by forcing business partners to enter into a binding contract that places huge costs and liabilities on them for security breaches while leaving you appearing squeaky clean (don't laugh: PCI DSS does this).
  4. Accept the risk.  Shrug your shoulders and accept that the costs of mitigating, avoiding or transferring the risk outweigh the advantages (as you perceive them).
Well I'm not so sure that's a complete list.  Here are some more possibilities:

  • Explore the risk - which means doing things like analyzing or assessing the risk, researching the risk parameters and algorithms
  • Ignore or deny the risk.  This looks a little like risk acceptance at first glance but it revolves around either genuine or feigned ignorance.  "It'll never happen to me" is one justification.  "It hasn't happened so far" is another variant, "so it probably won't".  "You don't know it will happen, since your risk analysis is full of holes and ridiculous assumptions" is only marginally better than "Trust me, it's not a problem."
  • Exploit the risk, which is of course what hackers, fraudsters, scammers, industrial spies and other Bad Guys do (in the information security context), and how arbitrageurs, forex traders, bankers, corporate treasurers, insurers and other Good Guys do (in other contexts).  Summed up by "Run with it, live dangerously and enjoy the rush' (a.k.a. the bunjee jumper's guide to risk management).
  • Hype the risk, with its corrollary, downplay the risk, which is what politicians do all the time.  "Folic acid in your bread will reduce the risk of neural tube defects" says one.  "Folic acid in your bread will increase the risk of cancer" says another.  "What's folic acid?" say most of the population, "Pass me the butter."
I'm sure there are still others ... comments welcome ...




More...
Reply

Bookmarks

« Videos from Team Cymru | Are federal agencies receiving mixed messages on information security? »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Hybrid Mode Hybrid Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -4. The time now is 06:34 AM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0