The Top Ten Security Threats for 2008 (Part 3) – Risky Situations and Context

Opher Etzion provides a timely segway for Part 3 of this series on The Top Ten Security Threats for 2008 in his two blog posts, Context and Situation – are they synonyms? and The notion of context and its role in event processing.  

I will briefly illustrate and elaborate by applying the concepts of context and situation to risk identification, or the identification of increasingly risky situations, in terms of the three core contextual elements of risk, (1) threat, (2) vulnerability and (3) criticality.  

Risk Context and Situational Model

The intersection of the context (or elements) of risk, illustrated in the figure above, defines various situations relevant to risk and risk management.   Here is the context and the various situations:

(1) Threats environments that have no critical assets or known vulnerabilities. This is a bit like flesh eating zombies isolated on a remote island in uncharted ocean waters.   There is a low probability of a risky situation developing, except in those horror movies where shipwrecked bikini clad tourists enter the scene!  Then, we have the situation of barefoot people in bikinis (vulnerable) and some who are very beautiful (critical assets) – see situation (7) below!

 (2) Vulnerabilities in systems, programs, people, equipment or facilities that are not associated with critical assets and there are no known threats.    These are like the vulnerable barefoot bikini clad people on the ship who are not critical to the plot of the horror movie.

(3) Critical assets (information, systems, programs, people, equipment or facilities) for which there are no known vulnerabilities or threats.   These are the stars of the movie – the ones highly paid for their critical assets 🙂

(4) A threat or number of threats has acquired specific knowledge and/or capability to exploit a vulnerability to non-critical assets.  An example would be the people who are “killed early” in the horror movie, the vulnerable, non-critical assets!  

(5) Critical assets for which there are no known vulnerabilities but there is exposure to one or more specific threats.   These are like the strong, beautiful, undefeatable folks in our island of horror metaphor.  They are simply not vulnerable to the flesh eating zombies!

(6) Critical assets for which there are known vulnerabilities but no known threats.   These are like the bikini clad beautiful people before they landed on the island of terrible flesh eating zombies!

(7) Critical assets for which there are known vulnerabilities and threats.  This context defines the most risky situations for our cast of vulnerable, bareful, beautiful, fashionable, bikini clad tourists on the island of flesh eating zombies!   Run for your lives!!!

Situations and context?    We experience this in almost every moment of our lives.   Our senses provide the information for the context (somewhat autonomic, or lower level, cognitive context) and our minds formulate the (higher cognitive) situations.

So, where are the top ten security threats for 2008 I promised? 

Stay tuned…..

Advertisements

2 Responses to The Top Ten Security Threats for 2008 (Part 3) – Risky Situations and Context

  1. Opher Etzion says:

    Hi Tim. This is a good example that illustrates that a situation is detected by composing contexts and not by composing events; of course, there is an equivalent representation of this Venn Diagram in terms of pattern on events, but it is much more intuitive to understand when looking at it as intersection of contexts. I’ll use this example (with your copyright) in my class when explaining the students about different types of contexts.

    stay well,

    Opher

  2. Tim Bass says:

    Hi Opher!

    Thanks for checking in and commenting. I’m pleased you found the Venn Diagram useful. Keep up the great posts on http://epthinking.blogspot.com !

    Yours faithfully, Tim

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: