Anticipating the worst: Security threat awareness and mitigation
This article is part of the August 2004 issue of Weight lifter: Appliances that lighten your security load
Many IT managers have been lulled into a false sense of security by the "coin-flip principle," which goes like this: Let's say you flip a coin nine times, and it comes up heads every time. What are the chances it will come up heads again on the 10th time? You may be tempted to say one in 1,000, or one in 100,000 or one in 1 million. But the correct answer is disarmingly obvious: one in two. Every time you flip a coin, the chance of it coming up heads is 50/50. In this case, history has no impact on the future; it's only our flawed thinking about probabilities that makes us assume otherwise.

While the analogy is inexact, the coin-flip principle can be applied to some forms of cyberattack. Because they haven't happened yet, we assume they won't. Perhaps the best example of this is the notion of a combined physical/cyber attack on our national infrastructure. Like most people, I've always pooh-poohed the idea of a "cyber-Pearl Harbor" because, for all the hype about it, it hasn't happened. But a recent conversation I had with Dan Geer radically changed my mind....
What's Inside
Features
-
Cut security costs with all-in-one appliances and firewall policies
by Lisa Phifer, Contributor
Turnkey, all-in-one appliances offer cost-effective security with less hassle.
-
Enhancing security risk management with cyberinsurance
by Lamont Wood, Contributing Writer
When all else fails, there's cyberinsurance. Learn how to enhance security risk management with cyberinsurance.
-
Data security failure: How the government broke our trust
The government exposed thousands of Native Americans' financial data to hackers. Elouise Cobell forced the government off the Internet.
-
Service-level agreement advantages and disadvantages
by Anne Saita
Learn about the advantages and disadvantages of service-level agreements.
Columns
-
Service-level agreement management: Defining security policy roles
Does your security plan include expectations or incentives for SLAs? Lawrence Walsh explains why setting standards for your enterprise is essential.
-
Be prepared: How to prevent and detect botnets
by Marcus J. Ranum, Contributor
Sooner or later, enterprises have to deal with a remote-controlled compromise. By treating botnets as a disaster preparedness problem, they'll be on the right track.
-
IE security risks: Making the switch to a more secure browser
by Jay Beale
Given the huge Web-based risk exposure with everyone running the same operating systems, should enterprises look for an alternative to IE? Short answer: Absolutely.
-
Threat modeling follows attack tree as enterprise protection practice
by Pete Lindstrom, Contributor
Does your enterprise maximize its threat modeling potential? Expert Pete Lindstrom displays threat-modeling best practices and shows how threat modeling can help protect your enterprise.
-
Anticipating the worst: Security threat awareness and mitigation
Many IT managers have been lulled into a false sense of security because cyberattacks haven't happened yet. The coin-flip principle provides an all-too-real cyberspace context.