Questions tagged [risk-analysis]
Risk Analysis is a practice used to identify and assess factors that may jeopardize the success of a project or achieving a goal. Security Risk Analysis or Risk Assessment could be Quantitative and Qualitative.
169 questions
1 vote
1 answer
77 views
Considerations about threat modelling and risk assessment methodologies combination
I have some considerations about the following threat modelling and risk management combination approach: Is it a mistake for the standard ISO 27001 RA method (a well-established and standardised ...
0 votes
1 answer
160 views
risk assessment vs threat modelling
I want to have a definitive understanding of the terms risk assessment and threat modelling. I read different articles, but I still can't grasp the difference. How do I know which exercise I should do?...
2 votes
1 answer
101 views
Risks associated with client writes to queue
For higher API request volumes, some APIs will offer some form of batch API requests (e.g. 1, 2). These allow for one HTTP(S) call to send many effective requests, freeing up network resources and ...
3 votes
0 answers
158 views
Does a Risk Management approach work in Cybersecurity? [closed]
I was recently with a client discussing their cyber risks and what main risks we were going to focus on. "And your top 5 information security risks are risks 1,2,3,4,5" He then said to me, ...
1 vote
0 answers
85 views
Cyber Risk Management Strategy Implementation
I’m developing a Risk Management Implementation strategy for my small SaaS organization, and I’d appreciate your feedback on the soundness of the approach outlined below. We’re hosted in the cloud, ...
3 votes
2 answers
486 views
Why would one use radio instead of the Internet for secure communications?
This question is inspired by someone's comment on this question elsewhere: In the modern era of Internet and encryption it's quite surprising that countries like Russia still regularly use coded radio ...
0 votes
1 answer
285 views
Threat and risk analysis of Microsoft Teams
I look on all the corporations and firms that have embraced Microsoft Teams in the past and I can not stop wondering if it is a disaster waiting to happen or if I am missing something important. We ...
1 vote
0 answers
124 views
How does a risk assessment for an EU project look like?
I have to provide a draft of a risk assessment for a small EU project. As I've never done this, I struggle with identifying assets or vulnerabilities. I'm aware of very general lists, but I wonder ...
0 votes
1 answer
176 views
Are there any downsides to publically available encrypted data?
I have a key-value database that uses asymmetric RSA-OAEP encryption to encrypt the data. The data is stored in tuples of (public key, encrypted data). The user identifies their data by the public key,...
2 votes
1 answer
281 views
Is it dangerous to publicly surf the web while my browser is being run in an IDE?
While developing web software, I typically run a browser (chrome) from my IDE. Here's an example launch.json in VSCode: { // Use IntelliSense to learn about possible attributes. // Hover to ...
1 vote
1 answer
231 views
Security Implications of Automatic Updates?
I have a custom Debian router installation which I'm trying to keep both secure and low-maintenance. I've therefore set some scripts which keep my Docker containers, blocklists, and OS (security ...
2 votes
0 answers
552 views
What would be the security rationale for a hotel blocking only SSH traffic? [closed]
I recently stayed at a hotel where outbound SSH traffic (and seemingly only SSH traffic) was blocked on the guest WiFi network, and I'm trying to figure out what security-based rationale they might ...
-1 votes
1 answer
159 views
What is meant with "initial" in Initial Likelihood of risk scenario?
I'm doing a Risk analysis according to an information security risk management guideline and in the risk assessment table there was a column called "initial Likelihood of risk scenario". ...
2 votes
0 answers
402 views
Is using a second hand/grey market phone for banking security a credible risk?
I asked this question in money about telling my bank about using a second hand or grey market mobile phone. The implication of some of the comments is that any worry is misplaced. It seems to me ...
4 votes
2 answers
626 views
Likelihoods for risk assessment
I have been looking at risk assessments lately and I am looking for a way to practically estimate likelihood. Most people recommend assessing based on historical precedent which sounds great to me, ...