Information Technology Reference
In-Depth Information
intended reduction. This was illustrated by a German case study involv-
ing taxicabs equipped with antilock braking systems. Because drivers felt
safer, they engaged in riskier behavior and ended up being involved in
more accidents than before the introduction of the “safer” braking sys-
tems. Clear and regular reminders of the purpose of security measures
can offset this effect somewhat, but the tendency remains.
Targeted Threats
Risk management practices involve four possible strategies that may be
used to address an identified threat
1.
Avoidance.
The risk may be avoided by selecting an alternate option
that does not include the same element of risk, or by a decision to
terminate the business process that creates the unacceptable risk.
2.
Transference.
The risk may be transferred to another responsible
agency, often through outsourcing or insurance protections. While
risk management and liability can be transferred, responsibility
remains with the organization and can produce negative results in
the “court of public opinion” that may not be easily overcome.
3.
Mitigation.
The risk may be reduced to an acceptable level by
including additional protections or by altering the parameters pro-
ducing the risk. Risk mitigation often comprises the bulk of risk
management effort and cost.
4.
Acceptance.
The risk may be identified, examined, documented
and formally accepted, provided the impact is fully understood and
recognized.
Targeted threats such as viruses, worms, spyware, and other malicious
code provide an elusive and varying level of risk that can be difficult to
address. Blended threat code and viral programming agents designed to
attack multiple operating systems and vulnerabilities can be created using
simple downloadable GUI-based utilities. Microsoft's popular Windows
platform draws the greatest attention because of its position as the leader
in total number of systems, but virus developers are increasing attacks on
Linux and other up-and-coming platforms as their market share increases.
Just as Sun moved its popular Java programming language into the
open-source arena, Apple moved its OS-X platform out of the open-
