Summary
This chapter has focused on risk analysis and its relationship to incident response. Professionals within the field of computer and information security do not universally agree on the exact meaning of “risk analysis,” but at the most basic level, risk analysis means determining the expected amount of loss associated with each source or cause of loss in computing systems and networks. Both quantitative (in which the results are represented numerically) and qualitative risk analysis can be performed. Major types of risk include break-ins, execution of rogue programs, privilege escalation, exploitation of common gateway interface (CGI) scripts in web servers, denial of service, web defacement, viruses and worms, malicious active content, ...
Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
