Read the book You CAN Stop Stupid - Ira Winkler - Page 51

Vulnerabilities

Without a vulnerability to exploit, threats would be irrelevant. The reality, though, is that vulnerabilities are plentiful in just about any business environment. If you do any business at all, there will be vulnerabilities.

When we give presentations, we sometimes ask the audience, “Can anyone describe how to achieve perfect computer security?” The most common answer is, “Unplug the computer.” Our response is, “Congratulations! You just committed a denial-of-service attack against your own computer.”

There can never be a complete absence of vulnerability. You need to provide users with the ability to perform their job functions, and that will inevitably create vulnerabilities. Increasing the depth and breadth of functions makes it possible to provide more value, but doing so also creates the opportunity for more loss. It all boils down to finding the right balance.

Some categories of vulnerabilities are more prominent than others in various organizations, and it is important to be aware of each of them and consider their relevance to your users. The following sections address some basic types of vulnerabilities to consider as you look to mitigate UIL. These include physical, operational, personnel, and technical vulnerabilities.
