Step 1: What assets are we trying to protect?

This question might seem basic, but a surprising number of people never ask it. Answering it means understanding the scope of the problem. For example, securing an airplane, an airport, commercial aviation, the transportation system, and a country against terrorism are all different security problems, and they require different solutions.

Step 2: What are the risks to these assets?

Here we consider the need for security. Answering it involves understanding what is being defended, what the consequences are if it is successfully attacked, who wants to attack it, how they might attack it, and why.

Step 3: How well does the security solution mitigate those risks?

Another obvious question, but one that is frequently ignored. If the security solution doesn't solve the problem, it's no good. This step involves looking at how the security solution interacts with everything around it, evaluating both its normal operation and how it behaves when it fails.

Step 4: What other risks does the security solution cause?

This question addresses what might be called the problem of unintended consequences. Security solutions have ripple effects, and most cause new security problems. The trick is to understand the new problems and make sure that they are smaller than the old ones.

Step 5: What costs and trade-offs does the security solution impose?

Every security system has costs and requires trade-offs. Most security costs money, sometimes substantial amounts; but other trade-offs may be more important, ranging from matters of convenience and comfort to issues involving basic freedoms like privacy. Understanding these trade-offs is essential.

  • Balancing risks and trade-offs is the point of our five-step process.

  • In step 2, we determine the risks.

  • In steps 3 and 4, we look for security solutions that mitigate the risks.

  • In step 5, we evaluate the trade-offs. Then we try to balance the pros and cons: Is the added security worth the trade-offs?

  • This calculation is risk management, and it tells us what countermeasures are reasonable and what countermeasures are not. Thus:

  • Risk management for us is about playing the odds. We figure out which attacks are worth worrying about and which ones can be ignored. It's spending more resources on the serious attacks and less on the frivolous ones. It's taking a finite security budget and making the best use of it. We do this by looking at the risks, not the threats (a threat is a potential way an attacker can attack a system).

  • For us, there is an important distinction drawn between the words "threat" and "risk". A threat is a potential way an attacker can attack a system. Car burglary, car theft and carjacking are all threats, in order from least serious to most serious (carjacking is the most serious because an occupant is involved). When we talk about risk, we take into consideration both the likelihood of the threat and the seriousness of a successful attack, so the most serious threat is not necessarily the biggest risk. Thus:

Threats determine risks, and risks determine the countermeasures
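The following is an added illustration of steps 2 through 5 as a small calculation; it is not from Beyond Fear, and every number in it (incident rates, losses, countermeasure costs, reduction factors, and the two hypothetical countermeasures) is assumed for the sake of the example. It shows the threat/risk distinction concretely: the car threats ranked by seriousness come out in a different order than the same threats ranked by risk (likelihood multiplied by impact), and a countermeasure is judged by whether the risk it removes outweighs the risk it introduces (step 4) plus what it costs (step 5).

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Threat:
    """A potential way an attacker can attack the system (step 2)."""
    name: str
    likelihood: float  # assumed expected incidents per year
    impact: float      # assumed loss per successful attack (seriousness)

    @property
    def risk(self) -> float:
        # Risk combines likelihood and seriousness; here as expected annual loss.
        return self.likelihood * self.impact


@dataclass(frozen=True)
class Countermeasure:
    """A security solution, with what it mitigates, what it breaks, and what it costs."""
    name: str
    cost: float                        # assumed annual cost (step 5)
    reduction: Dict[str, float]        # fraction of a threat's likelihood removed (step 3)
    new_threats: Tuple[Threat, ...] = ()  # risks the solution itself causes (step 4)


def rank_by_severity(threats: Tuple[Threat, ...]) -> List[str]:
    """Order threats by how serious a successful attack is (ignores likelihood)."""
    return [t.name for t in sorted(threats, key=lambda t: t.impact, reverse=True)]


def rank_by_risk(threats: Tuple[Threat, ...]) -> List[str]:
    """Order threats by risk: likelihood and seriousness together."""
    return [t.name for t in sorted(threats, key=lambda t: t.risk, reverse=True)]


def evaluate(threats: Tuple[Threat, ...], cm: Countermeasure) -> Dict[str, float]:
    """Steps 3-5: residual risk after the countermeasure, risk it introduces, and its cost."""
    risk_before = sum(t.risk for t in threats)
    risk_after = sum(
        t.likelihood * (1.0 - cm.reduction.get(t.name, 0.0)) * t.impact for t in threats
    )
    risk_introduced = sum(t.risk for t in cm.new_threats)
    net_benefit = (risk_before - risk_after) - risk_introduced - cm.cost
    return {
        "risk_before": risk_before,
        "risk_after": risk_after,
        "risk_introduced": risk_introduced,
        "cost": cm.cost,
        "net_benefit": net_benefit,
    }


def worth_it(threats: Tuple[Threat, ...], cm: Countermeasure) -> bool:
    """The step 5 question: is the added security worth the trade-offs?"""
    return evaluate(threats, cm)["net_benefit"] > 0.0


# Constructed sample data: the three car threats from the text with assumed figures.
CAR_THREATS = (
    Threat("car burglary", likelihood=0.20, impact=1_500),      # common, cheap
    Threat("car theft", likelihood=0.02, impact=20_000),        # rarer, costly
    Threat("carjacking", likelihood=0.001, impact=150_000),     # rare, most serious
)

# Hypothetical countermeasures with assumed effects and costs.
WHEEL_LOCK = Countermeasure(
    name="steering-wheel lock",
    cost=20,
    reduction={"car theft": 0.5},
)
ARMORED_CAR = Countermeasure(
    name="armored car",
    cost=30_000,
    reduction={"carjacking": 0.9},
    # Assumed unintended consequence: reduced visibility causes more collisions.
    new_threats=(Threat("collision from poor visibility", likelihood=0.01, impact=5_000),),
)


if __name__ == "__main__":
    print("by seriousness:", rank_by_severity(CAR_THREATS))
    print("by risk:       ", rank_by_risk(CAR_THREATS))
    for cm in (WHEEL_LOCK, ARMORED_CAR):
        print(cm.name, evaluate(CAR_THREATS, cm), "worth it:", worth_it(CAR_THREATS, cm))
```

With these assumed figures carjacking is the most serious threat but the smallest risk, so a costly countermeasure aimed only at it fails the step 5 test, while a cheap one aimed at the largest risk passes. The numbers are the easy part; in practice the hard work is estimating likelihood and impact honestly and remembering to count the new risks a solution introduces.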

(Inspired by Bruce Schneier's Beyond Fear)
