--Originally published at Eric tries to write down cool things
It’s a way to figure out how important your system is and how far you are willing to go to protect it.
Contingency plan
Plan for disaster; it may spell the difference between a problem and a catastrophe. Backups are the key to disaster planning.
Threat Modeling
Getting into more technical matters, one of the first steps in any kind of secure development life cycle model is threat modeling: a procedure that improves the security of any kind of app or network instance by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate their effects.
Risk Rating Methodology
What is the risk of a DDoS attack compared to a phishing attack? How probable is each one? What are the costs of fixing them? A risk rating methodology is the capacity to estimate the associated risks and the impact they have on the business. The following formula shows what a risk is composed of:
Risk = likelihood * impact
There is a series of steps to measure the severity of a risk:
- Identify the risk
- Estimate the likelihood
- Estimate the impact
- Determine the severity of the risk
- Fix
- Adapt the risk rating model to the specific project
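To make the formula and the steps concrete, here is an added example (my own code, not from the original post). It scores the two scenarios the post contrasts, phishing and DDoS, as Risk = likelihood * impact and then ranks them so the worst one is fixed first. The factor names, the 0-9 scale and the severity matrix are assumptions modelled on the OWASP Risk Rating Methodology, and the scores given to each scenario are constructed for illustration, not measured data.

```python
"""Worked risk rating: Risk = likelihood * impact, with OWASP-style severity bands."""
from dataclasses import dataclass

# Each factor is scored 0 (negligible) to 9 (severe). The factor names and the
# 0-9 scale are an assumption modelled on the OWASP Risk Rating Methodology;
# they are not from the original post.
LIKELIHOOD_FACTORS = (
    "skill_level", "motive", "opportunity", "size",                               # threat agent
    "ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection",   # vulnerability
)
IMPACT_FACTORS = (
    "loss_of_confidentiality", "loss_of_integrity",
    "loss_of_availability", "loss_of_accountability",                             # technical
    "financial_damage", "reputation_damage", "non_compliance", "privacy_violation",  # business
)

SEVERITY_ORDER = ("Note", "Low", "Medium", "High", "Critical")

# (likelihood level, impact level) -> overall severity (assumed matrix, OWASP-style).
SEVERITY_MATRIX = {
    ("LOW", "LOW"): "Note",     ("LOW", "MEDIUM"): "Low",       ("LOW", "HIGH"): "Medium",
    ("MEDIUM", "LOW"): "Low",   ("MEDIUM", "MEDIUM"): "Medium", ("MEDIUM", "HIGH"): "High",
    ("HIGH", "LOW"): "Medium",  ("HIGH", "MEDIUM"): "High",     ("HIGH", "HIGH"): "Critical",
}


def level(score: float) -> str:
    """Bucket a 0-9 score into LOW (<3), MEDIUM (<6) or HIGH (6 and above)."""
    if not 0 <= score <= 9:
        raise ValueError(f"score {score} outside the 0-9 scale")
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def _average(scores: dict, factors: tuple) -> float:
    """Average the named factors, refusing incomplete or out-of-range input."""
    missing = [f for f in factors if f not in scores]
    if missing:
        raise ValueError(f"missing factor scores: {missing}")
    for f in factors:
        if not 0 <= scores[f] <= 9:
            raise ValueError(f"{f}={scores[f]} outside the 0-9 scale")
    return sum(scores[f] for f in factors) / len(factors)


@dataclass
class Risk:
    name: str                 # step 1: identify the risk
    likelihood_scores: dict   # step 2 inputs
    impact_scores: dict       # step 3 inputs

    def likelihood(self) -> float:
        return _average(self.likelihood_scores, LIKELIHOOD_FACTORS)

    def impact(self) -> float:
        return _average(self.impact_scores, IMPACT_FACTORS)

    def score(self) -> float:
        """The post's formula: Risk = likelihood * impact."""
        return self.likelihood() * self.impact()

    def severity(self) -> str:
        """Step 4: combine the two levels into an overall severity."""
        return SEVERITY_MATRIX[(level(self.likelihood()), level(self.impact()))]


def rank_risks(risks: list) -> list:
    """Step 5 input: worst severity first, then highest numeric score, so it is fixed first."""
    return sorted(risks, key=lambda r: (SEVERITY_ORDER.index(r.severity()), r.score()), reverse=True)


# Constructed scores for the two scenarios the post contrasts (illustrative, not measured data).
PHISHING = Risk(
    "phishing campaign against staff",
    dict(skill_level=3, motive=9, opportunity=9, size=9,
         ease_of_discovery=7, ease_of_exploit=7, awareness=6, intrusion_detection=8),
    dict(loss_of_confidentiality=7, loss_of_integrity=5, loss_of_availability=1, loss_of_accountability=7,
         financial_damage=5, reputation_damage=5, non_compliance=5, privacy_violation=7),
)

DDOS = Risk(
    "volumetric DDoS against the public site",
    dict(skill_level=3, motive=4, opportunity=9, size=9,
         ease_of_discovery=9, ease_of_exploit=5, awareness=9, intrusion_detection=3),
    dict(loss_of_confidentiality=0, loss_of_integrity=0, loss_of_availability=9, loss_of_accountability=1,
         financial_damage=7, reputation_damage=5, non_compliance=1, privacy_violation=0),
)

if __name__ == "__main__":
    for r in rank_risks([DDOS, PHISHING]):
        print(f"{r.severity():8} likelihood={r.likelihood():.2f} impact={r.impact():.2f} "
              f"risk={r.score():.2f}  {r.name}")
```

With these constructed scores the phishing scenario averages a HIGH likelihood and a MEDIUM impact (overall High), while the DDoS scenario is HIGH likelihood but LOW impact (overall Medium), so phishing is ranked first. The last step in the post, adapting the model to the project, is what you do by changing the factor weights, the band thresholds or the matrix; the validation in `_average` is there so an incomplete or mistyped scoresheet fails loudly instead of silently producing a low number.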