Wednesday, February 18, 2009

PROTECTING INFORMATION RESOURCES


"Risk analysis"

Intro: Kaspersky creates viruses first and then antiviruses. (Actually, nobody knows that the person who creates antiviruses creates viruses first. And they are the main hackers.)

The main problem for companies and organizations is that a THREAT can impact an information resource. Good defense helps organizations work properly.

Risk is the probability or chance that a threat will impact an information resource.

Risk management
It is the process of seeking methods to reduce the risk of impact from threats. (It's like trying to identify the threat, control it, bring it down to a safe level, and so on.) There are two things in this definition that may need some clarification. First, risk management is an ongoing process. It must be repeated indefinitely. The business environment is constantly changing and new threats appear every day. Second, the choice of controls used to manage risks must strike a balance between productivity, cost, and effectiveness.

Risk analysis is the process in which an organization puts a value on each thing it is protecting. We can also call it categorizing the priorities of protection levels.
Based on this analysis, the organization considers how to mitigate (to lessen, or make softer) the risk.

Risk mitigation is when an organization takes strong action against the risk.
It has 2 functions:
  1. Using controls to prevent threats from outside
  2. During development, not giving the threat a chance
There are 3 things that an organization may adopt:
  • Risk acceptance. (Organizations should not ignore the defense system: updating and so on...)
  • Risk limitation. Limit the risk by configuring protection controls (e.g. a firewall...)
  • Risk transference. An example is purchasing insurance (a copy of your information on other devices, like a hard disk)
Finally, let's look at when a control is not cost-effective: it is when the cost of the defense system is higher than the value of the things being protected. (Ex)

Difficulties of protecting information resources:
  • Hundreds of threats exist
  • A lot of criminals who were caught go unpunished
  • The cost of the defense system is very high

Intro about CONTROLS
There are many ways of protection. The strongest one is to join with the FBI (NIPC).
It's designed to protect the nation's infrastructures such as energy, transportation, finance and many other things. But it costs so much! For small companies it is just not going to be cost-effective.
