The Top Ten Security Threats for 2008 (Part 3) - Risky Situations and Context
Sun, 11 Nov 2007 05:25:20 +0000
Opher Etzion*provides a*timely seqway for Part 3 of this series on*The Top Ten Security Threats for 2008*in his two blog posts, Context and Situation - are they synonyms? and The notion of context and its role in event processing.**
I will briefly illustrate and elaborate*by applying the concepts of context and situation to risk identification, or the identification of increasingly risky situations, in terms of the three core contextual elements*of risk, (1) threat, (2) vulnerability and (3) criticality.**
The intersection of the context (or elements)*of risk, illustrated in the figure above, defines various situations relevant to risk and risk management.** Here is the context and the various situations:
(1) Threats environments that have no critical assets or known vulnerabilities.* This is a bit like*flesh eating zombies*isolated on a remote*island in uncharted ocean waters.** There is a low probability of a risky situation developing, except in those horror movies where shipwrecked bikini clad tourists enter the scene!* Then, we have the situation of*barefoot people*in bikinis (vulnerable)*and some who are*very beautiful (critical assets)*- see*situation (7) below!
*(2) Vulnerabilities in systems, programs, people, equipment or facilities that are not associated with critical assets and there are no known threats.*** These are like the vulnerable barefoot bikini clad people on the ship who are not critical to the plot of the horror movie.
(3) Critical assets (information, systems, programs, people, equipment or facilities) for which there are no known vulnerabilities or threats.** These are the stars of the movie - the ones highly paid for their critical assets
(4) A threat or number of threats has acquired specific knowledge and/or capability to exploit a vulnerability*to non-critical assets.* An example would be the people who are “killed early” in the horror movie, the vulnerable, non-critical assets!**
(5) Critical assets for which there are no known vulnerabilities but there is exposure to one or more specific threats.** These are like the strong, beautiful, unfeatable*folks in our island of horror metaphor.* They are simply not vulnerable to the flesh eating zombies!
(6) Critical assets for which there are known vulnerabilities but no known threats.** These are like*the bikini clad beautiful people before they landed on the island of terrible flesh eating zombies!
(7) Critical assets for which there are known vulnerabilities and threats.* This*context defines the most*risky situations for our cast of vulnerable, bareful, beautiful, fashionable, bikini clad tourists on the island of flesh eating zombies!** Run for your lives!!!
Situations and context?*** We experience this in almost every moment of our lives.** Our senses provide the context and our minds formulate the situations.
So, where are the top ten security threats for 2008 I promised?*