risk to express concern over something that might lead to a security issue or an incident. We would
refrain from accessing our bank account on the Internet in an Internet café in another country,
as the systems in the Internet cafés there could be installed with malicious code and keyloggers,
which could capture usernames, passwords, and other sensitive data. We would also refrain from
shopping on Web sites without SSL (Secure Sockets Layer), as this information is unencrypted when
it is sent over the Internet. What does risk really consist of? Before we understand risk, let us delve
into the following two important concepts: vulnerability and threat.
2.2.2.1 Vulnerability
Vulnerability can be defined as the lack of a safeguard causing a weakness that could be exploited.
Vulnerabilities may arise from the design, implementation, and configuration of hardware, software,
or processes. For instance, if the main door of a house is not equipped with a locking mechanism
(or not locked), anyone can enter the house and steal all the valuables inside. The lack of the
locking mechanism for the main door (or, not locking) of the house is a vulnerability, as there is a
lack of a safeguard, which causes a weakness that can be potentially exploited by a thief.
2.2.2.2 Threat
Threat can be defined as anything that can identify the vulnerability and potentially exploit it.
Threats can be of various types. Threats could be human acts, power outages, and even natural
disasters like earthquakes or tsunamis. For instance, consider again the house whose main door is
not equipped with a locking mechanism (or not locked). In this case, the threat is the thief, who identifies the
vulnerability (which is the lack of a lock for the main door, or not locking) and exploits it (the
burglar will be able to steal all the owner's belongings from the house).
Let us explore the relationship between vulnerabilities and threats, with a possible scenario in
everyday life. A woman, in a foreign city, finishes shopping and is walking back to her hotel. She
finds herself in an unknown part of the city. There are few people in the streets. There are some
dark alleyways and some seemingly drunk people in these alleyways. She doesn't know anyone in
this city. She is carrying a substantial amount of money and some shopping bags. Before you get the
impression that this is the narrative of a horror story, let us explore the vulnerability and threat.
The vulnerabilities are as follows:
The woman is in an unknown city in a seemingly dodgy part of town.
She doesn't know anyone in the city.
She is carrying money and shopping bags in an apparently unsafe area.
The threats are as follows:
The woman might be mugged by someone who sees her shopping bags.
Someone in the street might attack her.
2.2.2.3 Risk
Let us now explore the concept of risk. Risk is the likelihood that a threat can exploit a vulnerability.
It can be clearly seen that risk is a product of threat and vulnerability. Without the presence of
either one, there would be no risk. To understand this better, let us look at the same example, but