Risk Management & Web Security - Part 2
Risk Management Planning:
In part 1 we identified the areas where we were exposed to risk and evaluated them according to their likelihood of occurrence and their severity of impact. We prioritized our concerns and readied ourselves to plan how to control our risk.
Our prioritized list:
- Accessibility
- Authentication and Authorization
- Confidentiality and Integrity
- Non-Repudiation
Here is a solid discussion of Denial of Service attacks. Because denial of service is the most important threat to accessibility, I've offered this overview as a way of understanding this specific exposure to risk. Let's assume, so that we can move forward, that our Top Notch IT staff has this issue in hand.
Authentication and Authorization are discussed at IBM's DeveloperWorks.
Risk Management Planning is a Focus on Solutions
This serves to illustrate the risk management approach. Even though the process begins with identifying exposure to risk, the unique perspective offered by the risk management process leads to a focus on solutions, not problems.
Resources you can actually use:
For all things development related, you can't go wrong with IBM's DeveloperWorks.
For all things web related, you can email Al Gore or just visit the World Wide Web Consortium.
For a deeper understanding of Risk Management, ABD's CyberSure® web site is top notch.

