Saturday, January 10, 2004

Risk Management of Wireless Networks

To the layman, "risk management" may appear to be rationalization (coming up with an excuse to do something), but it is actually a decision process for determining whether or not to do or use something. Keeping in mind that risk equates to the existence of a vulnerability coupled with the threat of that vulnerability being exploited, "risk management" actually boils down to:
  • Risk Acceptance - accepting the threats and vulnerabilities associated with using a specific technology
  • Risk Avoidance - removing the threat, the vulnerability, or both
  • Risk Mitigation - reducing the threat and/or the vulnerability to the point where it is acceptable
  • Risk Transference - making someone else responsible for the threat/vulnerability

