A post may be excerpted when it is fed to other pages, so the information everyone needs is placed at the beginning.
- Identification: name, type, risk assessment, (re)solution
- Situation/status: impact, preventive/proactive actions, passive action/progress
- More details: characteristic, resolution (corrective action)
- Other references
Items
Subject: use the term "Threat-alert" as a common prefix for viruses, security threats, spyware, etc., followed by the threat's common name.
Labels/tags: attention, computer-security
Identification
- Name: threat's full/official name
- Type: from which we can determine the threat's major characteristic
- Severity: how much damage the threat can do.
- Spreading: how fast and how widely the threat can spread.
- Difficulty: how long or how difficult it is to remove the infection. Note that in some cases repair may no longer be difficult but still takes a long time.
- Protection: what is required to protect our systems against the threat.
Situation
- Impact: when, where, and how many infections have been found.
- Protection deployment status, or any preventive workaround and its progress.
- Passive action/progress: for those who have already been attacked.
More details
- Infection, risk condition: which kinds of systems, processes, or characteristics are at risk of attack.
- Symptom: what can we notice when attacked?
- Resolution, correction: how to remove the threat after an attack?
Remarks
Comparing risk-assessment attributes with FMEA
- Severity: same
- Occurrence: not really a concern in operations. We would rather review the current/known impact each time.
- Detect risk: can be determined from "protection", i.e., it is high when protection is not available yet, and it is low when protection is efficient and successfully installed.
NAI/McAfee has a good attribute list -- where?
If quantifiable, the risk assessment can be plotted as a bubble chart:
- x = difficulty
- y = severity
- z = spreading