[unisog] Risk analysis
Valdis.Kletnieks at vt.edu
Wed Feb 22 00:08:23 GMT 2006
On Wed, 22 Feb 2006 09:25:40 +1100, Leigh Vincent said:
> But then why have it if it "Cannot Occur"? Where then do you draw the
Hey, I'm not the one with "Cannot Occur" issues in their risk assessment. ;)
The point is that you're multiplying by a number between 1 and 5, and the
threats at 5 are *much* more likely to actually happen than the ones at 1 and 2.
When you multiply by 1 and 2 (rather than 0.00004 and 0.005 or similar), you
end up artificially inflating the apparent risk of low-risk threats, resulting
in the strange numbers you get....
> line of what risks you would include. An elephant getting into the
> server room would cause major problems, but will never occur?? (Not in
> Australia anyway).
<hits the rewind button just about 2 decades>
One of the people on this list (not me) once had the misfortune of being the
admin of a computer that was a major Bitnet node. They had some construction.
A raccoon got into the building and under the raised floor. They decided to
cut the power till they got the critter out.
And our intrepid admin got to post the "We're going down due to a raccoon
attack" message late on the night of March 31, so when it showed up in
everybody's mailboxes, the datestamp said....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 228 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20060221/664fb29c/attachment.bin
More information about the unisog