Security



Five steps to analyse security systems

1 - What assets are you trying to protect?

2 - What are the risks to those assets?

3 - How well does the security solution mitigate those risks?

4 - What other risks does the security solution cause?

5 - What costs and trade-offs does the security solution impose?

Beyond Fear by Bruce Schneier
Springer; 1 edition (July 28, 2003)
ISBN: 0387026207

 


Scenario 1

One handheld computer storing

- appointments (clinics and personal)
- addresses (ward phone numbers, computer passwords)
- tasks (including name of the patient)
- memos (lecture notes, patient summaries)

Five steps:

1 - What assets are you trying to protect?

2 - What are the risks to those assets?

3 - How well does the security solution mitigate those risks?

4 - What other risks does the security solution cause?

5 - What costs and trade-offs does the security solution impose?

 


Scenario 1

One handheld computer storing

- appointments (clinics and personal)
- addresses (ward phone numbers, computer passwords)
- tasks (including name of the patient)
- memos (lecture notes, patient summaries)

 

Encryption


Scenario 2

One handheld computer storing

- appointments (clinics and personal)
- addresses (ward phone numbers, computer passwords)
- tasks (including name of the patient)
- memos (lecture notes, patient summaries)

- patient medical records

Synchronise with

- home PC
- work PC
- secretary's PC

 


Scenario 3

Several handheld computers storing

- appointments (clinics and personal)
- addresses (ward phone numbers, computer passwords)
- tasks (including name of the patient)
- memos (lecture notes, patient summaries)

- patient admission diagnosis

Synchronise with

- MAU / SAU PCs
- server PC
- other PDAs
- ? home PCs