Lead Image © Helder Almeida, 123RF.com

Lead Image © Helder Almeida, 123RF.com

What's the Risk?

Welcome

Article from ADMIN 46/2018
By
As system administrators, we are continually challenged with balancing risk vs. benefit. In everything we do, touch, or alter, there is risk.

As system administrators, we are continually challenged with balancing risk vs. benefit. In everything we do, touch, or alter, there is risk. Even something as benign as creating a new user account can have far-reaching potential risks and consequences. We must worry about external threats, insider threats, hardware failure, user error, software anomalies, patching, physical security, and our own fat-fingering. Every action we take can result in a very negative reaction. Managing risk is but one of our many jobs. Mitigating risk is our goal. To that end, I have devised a short list of five risk types for my fellow sys admin travelers.

  1. Known
  2. Acceptable
  3. Avoidable
  4. Unacceptable
  5. Unpredictable

Known risks are those that always hang over our heads. These are not risks that we have caused or that someone else caused; they are just risks that exist, and we know about them. For example, creating a user account has known risks. When you create a user account, that user might become an insider threat or elevate their privileges on your system. This is a known risk of creating any user account. Perhaps the user account that presents the greatest risk is that of a service account – especially those with (gasp) elevated privileges. We know this is a big risk, but we sometimes must accept certain risks to get a job done, which leads me to the next risk type.

Acceptable risks are those we know about but must accept as unavoidable. They are a level of risk that we must accept to productively get through the day. There is a risk in connecting your business or home to the Internet. We know that hackers are out there. We know that they want our money, our reputations, our available credit, or some other valuable information, but we also must work in these Internet-connected times. We stay connected 24/7/365, and the threats remain 24/7/365. We can protect ourselves, but there is always going to be some level

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Vulnerability assessment best practices for enterprises
    A vulnerability assessment is an important step toward protecting an organization's critical IT assets.
  • Harden your OpenStack configuration
    Any OpenStack installation that hosts services and VMs for several customers poses a challenge for the security-conscious admin. Hardening the overall system can turn the porous walls into a fortress – but you'll need more than a little mortar.
  • Tricking Intruders with HoneypotMe

    A honeypot is a specialized security tool that pretends to be an ordinary system to attract and identify attackers. Experienced intruders, however, are not so easily fooled. An experimental new technology known as HoneypotMe moves honeypot functionality to real systems on the production network.

  • Stopping SQL Injection

    SQL injection can strike at any moment. GreenSQL is an effective remedy that sits between the database and application and filters out suspicious queries.

  • Blocking SQL injections with GreenSQL
    SQL injection can strike at any moment. GreenSQL is an effective remedy that sits between the database and application and filters out suspicious queries.
comments powered by Disqus