Mitigation and Deterrent Techniques
Among the risk strategies that can be pursued, and that were discussed in Chapter 1, are mitigation and deterrence. This section looks at various techniques for implementing those strategies, including manual bypassing of electronic controls, monitoring system logs, security posture, reporting, and detection/prevention controls.
Manual Bypassing of Electronic Controls
It is always possible for something to crash, be it an application, a system, a safeguard, or almost anything else. When it does fail—either through a crash or someone bypassing the expected control path—there are two states that it can fail in: failsafe (secure) or failopen (not secure).
When using failsafe, the application stops all work, reports ...