Quantitative Risk Analysis

Quantitative risk analysis is done in 6 steps:

1. Assign Asset Value (AV)
2. Calculate Exposure Factor (EF)
3. Calculate Single Loss Expectancy (SLE)
4. Assess the annualised rate of occurrence (ARO)
5. Derive the annualised loss expectancy (ALE)
6. Perform cost/benefit analysis of countermeasures

Exposure Factor (EF) represents the percentage of loss when an asset is violated. It can also be

Categorizing Threats with STRIDE

It is always helpful to categorise threats in a formal way and then deal with them. Microsoft has developed a threat categorisation scheme called STRIDE, an acronym that stands for:

- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service (DoS)
- Elevation of privilege

Spoofing is gaining access to the target system with

Levels of Classification for Security

There are 2 common schemes for classification:

- Government/Military Classification
- Business/Private Sector Classification

Government/Military classification has 5 levels:

- Top Secret
- Secret
- Confidential
- Sensitive but unclassified
- Unclassified

Top Secret is the highest level, and unauthorised disclosure of this type of data will have drastic effects and can cause grave damage to national security. Top secret classified data

Concept of AAA Services in Security

The AAA services concept is a widely known security concept that stands for Authentication, Authorisation, Accounting (or Auditing). Although it is called AAA services and has only the first letters of 3 elements, it actually represents 5 elements in a chain.

Identification: Claiming to be an identity when attempting to access a resource, e.g. typing username,

Concept of CIA in Security

The 3 most important principles of security are called the CIA triad for short:

- Confidentiality
- Integrity
- Availability

Confidentiality is the set of measures used to ensure the protection of the secrecy of the resource; the goal is to prevent or minimise unauthorised access to it, e.g. encryption, access controls …

Integrity is the concept