In contrast with previous chapters, we shall not consider one particular aspect of system security, but we study instead the security of a system as a whole. We will formalize security not in binary terms, where a system is either secure or insecure, but rather in terms of risk.
In the first part of this chapter we explain risk as an attribute of harmful events as they occur over the lifetime of an information system. Our notion of risk combines the likelihood and the impact of an event and builds the central element of risk analysis. After defining the components of a risk analysis, we introduce an approach to carrying out this activity.
In the second part of this chapter, we apply our approach on an extended example. Although our risk analysis will not be complete, it should provide the reader with an impression of a typical risk analysis and the challenges that occur when conducting such an analysis.