Thursday, June 16, 2011

Threats, Vulnerabilities, and Control


A computer-based system has three separate but valuable components: hardware, software, and data. Each of these assets offers value to different members of the community affected by the system. To analyze security, we can brainstorm about the ways in which the system or its information can experience some kind of loss or harm. For example, we can identify data whose format or contents should be protected in some way.


A vulnerability is a weakness in the security system, for example in procedures, design, or implementation, that might be exploited to cause loss or harm. For instance, a particular system may be vulnerable to unauthorized data manipulation because the system does not verify a user's identity before allowing data access.


A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. To see the difference between a threat and a vulnerability, consider the illustration. There are many threats to a computer system, including human-initiated and computer-initiated ones.
 

A human who exploits a vulnerability perpetrates an attack on the system. An attack can also be launched by another system, as when one system sends an overwhelming set of messages to another, virtually shutting down the second system's ability to function. How do we address these problems? We use a control as a protective measure. That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability. A threat is blocked by control of a vulnerability.
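To make the vulnerability and control pairing concrete, here is an added example (not from the original post) of the case mentioned above: a system that allows data access without verifying identity, next to the same operation with an identity check as the control. The store, key, user names, and function names are all constructed for illustration, and the login step that would hand out tokens is assumed to exist elsewhere.

```python
import hashlib
import hmac

# Constructed sample data and key, for illustration only.
SERVER_KEY = b"constructed-demo-key"
RECORDS = {"alice": "balance=100", "bob": "balance=250"}


def issue_token(user: str) -> str:
    """Token the system gives a user after login (login itself is assumed)."""
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def update_unverified(store: dict, claimed_user: str, value: str) -> bool:
    """Vulnerability: the write trusts whatever identity the caller claims."""
    if claimed_user not in store:
        return False
    store[claimed_user] = value
    return True


def update_verified(store: dict, claimed_user: str, token: str, value: str) -> bool:
    """Control: the identity is verified before the write is allowed."""
    if claimed_user not in store:
        return False
    expected = issue_token(claimed_user)
    # Constant-time comparison of the presented token with the expected one.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False  # identity not proven, write refused
    store[claimed_user] = value
    return True


def demo() -> dict:
    results = {}
    store = dict(RECORDS)
    # Threat: someone other than alice asks to change alice's record.
    results["unverified_forged"] = update_unverified(store, "alice", "balance=0")
    store = dict(RECORDS)
    bob_token = issue_token("bob")  # valid for bob, not for alice
    results["verified_forged"] = update_verified(store, "alice", bob_token, "balance=0")
    results["verified_owner"] = update_verified(
        store, "alice", issue_token("alice"), "balance=90")
    results["final_alice"] = store["alice"]
    return results


if __name__ == "__main__":
    print(demo())
```

The threat (someone wanting to alter another user's data) is the same in both calls; only the presence of the control decides whether the vulnerability can be exploited.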
