Security Basics mailing list archives

Re: List of Information Security Threats


From: Shailesh Rangari <shailesh.sf () gmail com>
Date: Tue, 10 Mar 2009 16:33:48 -0400

I second that opinion. That's the way 'Risk Assessment' is done. It is better to Identify all the Assets that need to be Secured and then brainstorm over the potential Threats one would be Vulnerable to. Though it's not a bad idea to enumerate some generic threats, you should refrain from matching these generic threats to your assets compulsively.

Shailesh

On Mar 10, 2009, at 11:25 AM, jwmeritt () aol com wrote:

In my opinion, the way to go would not be to enumerate generic "threats" (which they may ignore anyway) but to acquire an exhaustive list of their information assets (phone numbers, proprietary documents, shipping... ) and then go through THAT list and write the identified threats against THAT. They will be much less likely to ignore something if it explicitly is a threat TO THEM.

