This evening I watched a story on BBC News about the problem of bird flu. Here is the story broken down in proper risk assessment language.
- Two assets are at risk: human health and bird health. We'll concentrate on birds in this analysis. Healthy birds are the asset we wish to protect.
- The threat is wild migratory birds infected by bird flu.
- The threat uses an exploit, namely bird flu itself.
- The vulnerability possessed by the asset and exploited by the threat is lack of immunity to bird flu.
- A countermeasure to reduce the asset's exposure to the threat is keeping protected birds indoors, away from their wild counterparts.
- The risk is infection of domesticated birds by wild birds. All infected birds must be killed.
The TV story I watched contained this quote by reporter Tom Heap:
"The lesson learned from foot-and-mouth [disease, which ravaged Europe several years ago] is to do your best to keep the disease out, but assume that will fail. Be ready to tackle any outbreak to prevent an epidemic."
Let's replace certain terms with their security counterparts:
"The lesson learned from the last time we were compromised is to do your best to keep intruders out, but assume that will fail. Be ready to respond to any intrusion to prevent complete compromise of the organization."
This is the power of using proper terminology. Lessons from other scientific fields can be applied to our own problems, and we avoid re-inventing the wheel.