Security Designs
17 Pages 4143 Words
Assets and Vulnerabilities to Known Threats
Assessing an organization's security needs also includes determining its vulnerabilities to known threats. This assessment entails recognizing the types of assets that an organization has, which will suggest the types of threats it needs to protect itself against. Following are examples of some typical asset/threat situations:
· The security administrator of a bank knows that the integrity of the bank's information is a critical asset and that fraud, accomplished by compromising this integrity, is a major threat. Fraud can be attempted by inside or outside attackers.
· The security administrator of a Web site knows that supplying information reliably (data availability) is the site's principal asset. The threat to this information service is a denial of service attack, which is likely to come from an outside attacker.
· A law firm security administrator knows that the confidentiality of its information is an important asset. The threat to confidentiality is intrusion attacks, which might be ...