Beyond Risks
Going back to Beyond Fear - and thinking back to my IT-OPS days - then filtering through my current filter - I came up with the following.
People exaggerate spectacular but rare risks and downplay common risks.How many disaster recovery programs look at the worst-case scenarios - while ignoring the possibility that the postroom label printer PC is their worst enemy?
People have trouble estimating risks for anything not exactly like their normal situation.Your building burning down, struck by lightning, a flood that buries your data centre, or a terrorist bomb are not "normal" situations.
Plan for them now and when a backhoe cuts your power and phone - you can cope.
Personified risks are perceived to be greater than anonymous risks.The "I must be target" syndrome.
Maybe you are and maybe you aren't.
You only need to assess it properly and not give into the FUD factor - then take appropriate measures.
People underestimate risks they willingly take and overestimate risks in situations they can't control.So they outsource their IT infrastructure in the hope they won't be held responsible when it all fails ...
People overestimate risks that are being talked about and remain an object of public scrutiny.Of course!
I think its called the "Advertising" these days ...
It looks to me that "black hats" and "white hats" alike are making a LOT of money from these threats ,,,
How *do* you think that these "security companies" who specialise in patching up the incompetencies of the Big Software companies make a living?
By patching up the "insecurity" factors of YOUR operating system - the elements that need "patch tuesday" on a weekly basis.
But - why should they need to?
Why isn't the operating system secure in the first place?
Enquiring minds want to know ...
DISCLAIMER: This risk assesement document is skewed towards Docklands in London - hence the emphasis on fire, flood and terrorist bombs - all of which I had to prepare for ...
Tags: bruce schneier, security, risk assesment, internet security, fud, advertising