Risk and countermeasure definition
Two more IT security terms we need to define before moving on to more advanced topics are:
- risk – in IT security, a risk is any event that could potentially cause a loss or damage to computer hardware, software, or data. The term refers to the likelihood of being targeted by a given attack, of an attack being successful, and general exposure to a given threat. If a threat exists, but proper countermeasures are in place, the potential for the threat to be successful is reduced (thus reducing the overall risk).
- countermeasure – a countermeasure is an action, device or process implemented to counteract a potential threat and thus reduce a risk. Countermeasures are implemented after vulnerabilities and risks have been identified. They can reduce or eliminate vulnerabilities and the likelihood that a vulnerability will be exploited. Some of the procedures used to implement countermeasures include:
  - administrative – written policies, procedures, guidelines, and standards. A written Acceptable Use Policy (AUP), agreed to by each user on the network, is one example of an administrative procedure.
  - physical – physical security for the servers, network devices, and infrastructure. One example is a locked door on the wiring closet that houses the switches on each floor. Another example is a redundant power system that uses a UPS (Uninterruptible Power Supply).
  - logical – passwords, firewalls, intrusion prevention systems, intrusion detection systems, access lists, VPNs, etc. They are sometimes referred to as technical controls.
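The relationship between threat, countermeasure and risk described above can be made concrete with a small risk register. The following is an added example, not part of the original text: it assumes a simple multiplicative model (risk = likelihood of being targeted × likelihood of success × impact) and assumes each countermeasure independently scales the likelihood of success by (1 − effectiveness). The threat, the three countermeasures (one administrative, one physical, one logical) and all numbers are constructed for illustration; the page itself defines the terms only qualitatively.

```python
"""Toy risk register: inherent vs. residual risk once countermeasures are applied.

Added example, not part of the original text. Assumed model: risk is
P(targeted) * P(success | targeted) * impact, and every countermeasure
multiplies P(success) by (1 - effectiveness), treating controls as independent.
"""
from dataclasses import dataclass, field
from enum import Enum


class ControlType(Enum):
    """The three categories of countermeasure named in the text."""
    ADMINISTRATIVE = "administrative"   # policies, AUP, standards
    PHYSICAL = "physical"               # locked closets, UPS
    LOGICAL = "logical"                 # passwords, firewalls, IDS/IPS, ACLs, VPNs


@dataclass(frozen=True)
class Countermeasure:
    name: str
    kind: ControlType
    effectiveness: float  # fraction of otherwise-successful attacks it stops (0..1), assumed

    def __post_init__(self):
        if not 0.0 <= self.effectiveness <= 1.0:
            raise ValueError("effectiveness must lie in [0, 1]")


@dataclass
class Threat:
    name: str
    p_targeted: float        # likelihood the asset is attacked at all (0..1)
    p_success: float         # likelihood the attack succeeds with no controls (0..1)
    impact: float            # loss if it succeeds, in arbitrary units
    controls: list = field(default_factory=list)

    def inherent_risk(self) -> float:
        """Risk with no countermeasures in place."""
        return self.p_targeted * self.p_success * self.impact

    def residual_success(self) -> float:
        """Likelihood of success after every countermeasure has taken its share."""
        p = self.p_success
        for c in self.controls:
            p *= (1.0 - c.effectiveness)   # independent controls, an assumption of this model
        return p

    def residual_risk(self) -> float:
        """Risk that remains after the countermeasures are applied."""
        return self.p_targeted * self.residual_success() * self.impact


def coverage(threat: Threat) -> dict:
    """Report whether the threat has at least one countermeasure of each category."""
    return {kind: any(c.kind is kind for c in threat.controls) for kind in ControlType}


def build_sample_register() -> Threat:
    """Constructed sample: one threat with one countermeasure of each type."""
    t = Threat("unauthorised access to wiring closet switches",
               p_targeted=0.5, p_success=0.8, impact=100.0)
    t.controls = [
        Countermeasure("signed AUP for all users", ControlType.ADMINISTRATIVE, 0.25),
        Countermeasure("locked wiring closet door", ControlType.PHYSICAL, 0.5),
        Countermeasure("access lists on the switches", ControlType.LOGICAL, 0.5),
    ]
    return t


if __name__ == "__main__":
    t = build_sample_register()
    print(f"{t.name}")
    print(f"  inherent risk: {t.inherent_risk():.1f}")
    print(f"  residual risk: {t.residual_risk():.1f}")
    for kind, covered in coverage(t).items():
        print(f"  {kind.value:<15} control present: {covered}")
```

With the constructed numbers the inherent risk is 40.0 and the residual risk 7.5; the same threat remains, but the countermeasures have reduced the likelihood of it succeeding, which is exactly the reduction in overall risk the text describes. The `coverage` check is the kind of gap analysis a practitioner runs after identifying vulnerabilities, to see whether a threat is addressed only by, say, logical controls and has no administrative or physical ones.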