FBI outlines three components of cyber-risk

FBI outlines three components of cyber-risk
FBI outlines three components of cyber-risk

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By Ben Bain
Feb 24, 2010

To make better cybersecurity-related decisions a senior FBI official 
recommends considering a simple algebraic equation=E2=80=94risk = threat x 
vulnerability x consequence=E2=80=94rather than solely focusing on threat 
vectors and actors.

Each factor is important, Steven Chabinsky, deputy assistant director at 
the FBI=E2=80=99s Cyber Division, said today. Chabinsky spoke on a panel at the 
Armed Forces Communications and Electronics Association Homeland 
Security Conference in Washington.

Nation-states that commit espionage, terrorist organizations, 
individuals interested in using the Internet as an attack tool and 
criminal syndicates are the types of attackers mostly likely to target 
computer systems in both the public and private sectors, he said. Threat 
vectors on which the FBI is focused include remote access and intrusion, 
supply chain vulnerabilities, proximate or close access threats, and 
insider access threats, he said.

Chabinsky said the risk model is compelling is because risk drops down 
to zero if any of those three elements or variables is zero. He said the 
risk model is the first place he goes when he needs to step back 


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 


Site design & layout copyright © 1986-2014 CodeGods