9.Define the concepts of risk and threat and discuss the statement Can Essay

9.Define the concepts of risk and threat and discuss the statement Can you have Risk without Threat - Essay Example The whole idea can be also defined as: the ability of a certain system to protect all its information with respect to discretion and veracity .Another point to ponder upon is Note that the scope of this second definition includes system resources, which include CPUs, disks, and programs, in addition to information. A brawny security protocol addresses all three of these areas. Take, for example, Netscapes SSL (Secure Sockets Layer) protocol. It has enabled a detonation in ecommerce which is really about conviction (or more precisely, about the lack of trust). SSL overcomes the deficiency of conviction between transacting parties by ensuring discretion all the way through encryption, veracity through checksums, and substantiation by means of server certificates (see Chapter 15 of Unix System Security Tools). Access control -- Make sure that users admittance is only to those resources and services that they are permitted to access and that competent users are not denied access to services that they lawfully expect to receive These supplementary rudiments dont neatly put together into a particular definition. From one perception, the concepts of seclusion, discretion, and security are quite distinct and possess different attributes. Privacy is a property of individuals; discretion is a property of data; and security is a property assigned to computer hardware and software systems. From a realistic perspective, the concepts are interwoven. A system that does not sustain data discretion or entity privacy could be tentatively or even precisely "secure," but it probably wouldnt be wise to systematize it anywhere in the real world. Risk avoidance -- A security essential that starts with questions like: Does my organization or business engage in activities that are too risky? Do we really need an unobstructed Internet connection? Do we really need to computerize that secure business process? Should we really standardize on a