
Desired Security Posture

The ultimate goal of an ARA for the security of any system is to bring that system to a desired security posture. The operative term is “desired” or “intended.” Because there is no possibility of “100% secure” (the world is full of unknowns), and particularly because merely connecting systems together and interacting through automation is fraught with cyber risk and cyber attacks against vulnerable software, a certain level of defense is almost always called for. But what is that “level of defense”?

There is no easy prescription or recipe to determine the desired risk posture. One can turn to the organization’s security policy and standards as a starting point. In organizations whose cyber-security function is relatively mature, there may exist standards that point the way to the controls that must be implemented.

Experienced practitioners may have a good “gut feeling” for what level of risk is acceptable and what is not. A mature GRC function may have conducted research into the organization’s risk tolerance and concerns. Desired posture may be calculated as a percentage of system cost or expected revenue. Or any combination of the foregoing may provide sufficient clues to derive a security posture.

In the absence of any of the above, it may come down to conducting interviews and listening to what is acceptable or not among the decision makers. In any event, understanding what the organization seeks from risk assessments, how much security needs to be implemented, and what risk can be tolerated helps mitigate the influence of one’s personal risk tolerance.

 