Security and Risk Management

S.C. Lenny Koh (University of Sheffield, UK) and Stuart Maguire (University of Sheffield, UK)
DOI: 10.4018/978-1-60566-424-8.ch016

Abstract

In information terms, security can be defined as the processes of ensuring that private information remains private and uncompromised in an atmosphere where all other information is free. Security techniques such as encryption, passwords, and firewalls are designed to prevent unauthorized access to information, to protect the integrity of computing resources, and to limit the potential damage that can be caused by attackers and intruders. The notion of a “secure computer” is relative though: the only truly secure computer is one powered down in a locked facility that no one has access to. Risk management is the ongoing process of assessing the risk to automated information resources. It is part of a risk-based approach used to determine adequate security for a system by analysing the threats and vulnerabilities and selecting appropriate cost-effective controls to achieve and maintain an acceptable level of risk (Maguire, 2002).
Chapter Preview

The value of information and knowledge is directly proportional to the risk of losing it. (Koh, 2007)

Figure 1.

Prediction And Impact

According to the Pew Internet & American Life Project and Elon University in January 2005, two-thirds of security experts believe that the US will suffer a ‘devastating’ cyber attack within 10 years. The attack may hit critical infrastructure or large industries, such as banking. Compounding this risk, Cyota noted in January 2005 that almost half (44 percent) of online banking customers use the same password for multiple online services. Furthermore, 37 percent of online banking customers use the same password at other, less secure sites.

International Data Corporation predicted in December 2004 that revenues for antispyware software companies would climb from USD 12 million in 2003 to USD 305 million in 2008. It is clear that the more e-technology is adopted and used in our lives, the greater the risks it imposes on us.
