UT CS 361 - Lecture 3: Security as Risk Management

Foundations of Computer Security
Lecture 3: Security as Risk Management
Dr. Bill Young
Department of Computer Sciences
University of Texas at Austin

Lecture 3: 1 Security as Risk Management

Security as Risk Management

If perfect security is not possible, what can be done?

Viega and McGraw (Building Secure Software) assert that software and system security really is "all about managing risk."

Risk is the possibility that a particular threat will adversely impact an information system by exploiting a particular vulnerability.

The assessment of risk must take into account the consequences of an exploit.

Risk Management Framework

Risk management is a process for an organization to identify and address the risks in their environment.

One particular risk management procedure (from Viega and McGraw) consists of six steps:

1. Assess assets
2. Assess threats
3. Assess vulnerabilities
4. Assess risks
5. Prioritize countermeasure options
6. Make risk management decisions

Coping with Risk

Once the risk has been identified and assessed, managing the risk may involve:

Risk acceptance: risks are tolerated by the organization, e.g. sometimes the cost of insurance is greater than the potential loss.

Risk avoidance: not performing an activity that would incur risk, e.g. disallow remote login.

Risk mitigation: taking actions to reduce the losses due to a risk; most technical countermeasures fall into this category.

Risk transfer: shift the risk to someone else, e.g. most insurance contracts, home security systems.

Annualized Loss Expectancy

One common tool for risk assessment is annualized loss expectancy (ALE), which is a table of possible losses, their likelihood, and potential cost for an average year.

Example: consider a bank with the following ALE. Where should the bank spend scarce security dollars?

Loss type           Amount        Incidence   ALE
SWIFT* fraud        $50,000,000   .005        $250,000
ATM fraud (large)   $250,000      .2          $50,000
ATM fraud (small)   $20,000       .5          $10,000
Teller theft        $3,240        200         $648,000

* large scale transfer of funds.

Is ALE the Right Model?

Annualized Loss Expectancy effectively computes the "expected value" of any security expenditure.

Consider the following two scenarios:

1. I give you a dollar.
2. We flip a coin. Heads: I give you $1000. Tails: you give me $998.

Note that the expected values are the same in both cases ($1), but the risks seem quite different.

Lessons

Because perfect security is impossible, realistic security is really about managing risk.

Systematic techniques are available for assessing risk.

Assessing risk is important, but difficult and depends on a number of factors (technical, economic, psychological, etc.)

Next lecture: Aspects of Security
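As an added example (not part of the lecture), the ALE arithmetic behind the bank table and the expected-value comparison of the two coin scenarios, worked in Python. The bank figures are the slide's; the "spread" measure (standard deviation of the outcome) is my own choice to make the difference in risk between the two scenarios visible.

```python
import math
from typing import Dict, List, Tuple

# Bank loss table from the slide: (loss type, amount per incident, incidents per year).
BANK_LOSSES: List[Tuple[str, float, float]] = [
    ("SWIFT fraud", 50_000_000, 0.005),
    ("ATM fraud (large)", 250_000, 0.2),
    ("ATM fraud (small)", 20_000, 0.5),
    ("Teller theft", 3_240, 200),
]

# The two scenarios from "Is ALE the Right Model?": (probability, payoff in dollars).
SURE_DOLLAR: List[Tuple[float, float]] = [(1.0, 1.0)]
COIN_FLIP: List[Tuple[float, float]] = [(0.5, 1000.0), (0.5, -998.0)]


def ale(amount: float, incidence: float) -> float:
    """Annualized loss expectancy: loss per incident times expected incidents per year."""
    return amount * incidence


def ale_table(losses: List[Tuple[str, float, float]]) -> Dict[str, float]:
    """Compute the ALE column for every row of a loss table."""
    return {name: ale(amount, incidence) for name, amount, incidence in losses}


def rank_by_ale(losses: List[Tuple[str, float, float]]) -> List[str]:
    """Loss types ordered by ALE, largest first: where the expected-value model says to spend."""
    table = ale_table(losses)
    return sorted(table, key=table.__getitem__, reverse=True)


def expected_value(outcomes: List[Tuple[float, float]]) -> float:
    """Probability-weighted payoff; this is what ALE computes for a whole year of losses."""
    return sum(p * x for p, x in outcomes)


def spread(outcomes: List[Tuple[float, float]]) -> float:
    """Standard deviation of the payoff: equal expected values can hide very different risk."""
    ev = expected_value(outcomes)
    return math.sqrt(sum(p * (x - ev) ** 2 for p, x in outcomes))


if __name__ == "__main__":
    for name, value in ale_table(BANK_LOSSES).items():
        print(f"{name:<20} ALE ${value:,.0f}")
    print("Spend first on:", rank_by_ale(BANK_LOSSES)[0])
    for label, scenario in (("sure dollar", SURE_DOLLAR), ("coin flip", COIN_FLIP)):
        print(f"{label:<12} EV ${expected_value(scenario):.2f}  spread ${spread(scenario):.2f}")
```

Both scenarios come out with an expected value of $1, but the coin flip has a spread of $999 against $0 for the sure dollar, which is the gap the slide says ALE does not capture.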