Risk

Risk definition - hacker
In security, risk assessment is an attempt to assess or measure the likelihood that a cracker will successfully exploit system or network vulnerabilities. In its 2004 Global Security Survey, Deloitte reported that 83% of respondents confirmed that their companies’ systems had been exploited in some way in 2003—and the percentage is likely higher because of respondent underreporting. These compromised systems cost companies money. For example, in 2002, NetworkITWeek in the United Kingdom noted that KPMG consultants estimated that security breaches cost businesses an average of $108,000.

The underlying principle behind risk assessment considers three critical elements: assets, threats, and vulnerabilities. Assets include tangible items having value, such as computer systems, as well as intangible items having value, such as the company’s reputation. Thus, a primary step in risk assessment is to determine the items of value and their approximate value amounts—just as homeowners would determine their items of value and their approximate value amounts in order to buy the appropriate amount of insurance.

Threats are defined as the means that could be used by crackers or company insiders to compromise the company’s computer systems. An action plan and appropriate security devices should be employed to counter these threats.

Vulnerability assessment indicates the likelihood that an exploit could occur, including where in the system and how. Questions that typically need answering include, for example, the following: Are passwords produced properly and amended regularly? Are systems locked down, and are networks adequately secured?

A major challenge facing system administrators is to consider the threats to which valued company assets are vulnerable and determine what security efforts are required—and in what priority—to not only stop possible exploits from occurring but also to be able to quickly and effectively recover from these exploits should they occur.

See Also: Administrator; Cracking; CSI/FBI Survey; Exploit; Vulnerabilities of Computers.

McLean, D. Companies Neglect IT Security At Their Peril. The Globe and Mail, May 12, 2005, p. B9; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.

Webster's New World Hacker Dictionary Copyright © 2006 by Bernadette Schell and Clemens Martin.
Published by Wiley Publishing, Inc., Indianapolis, Indiana.
Used by arrangement with John Wiley & Sons, Inc.
