Phase 1 Inspection

Risk analysis.
Risks can be minimized but not eliminated. Thus contingency plan needed.

Identify the info resources, evaluate the risks, apply security measures.
Security can not make it impossible to suffer a loss. Can reduce likelihood and make cost of attack prohibitve for the info gained.


Threats can not be eliminated, only anticipated. Safeguards to minimize threats' impact. You as prospective target: image, activities, associations


Vulnerability compromised by a threat causing a loss.
In HW & SW, policies & procedures, people. In anything that can be exploited by a threat. Known vulnerabilities are most common source of intrusions. Thus admin must keep up to date.

Safeguards: HW, SW, policies, procedures
proactive: protect info before it's compromised. Better but not always possible.
reactive: detect compromise and act to minimize damage. Always needed.

Evaluate current status: compare current security to areas the risk analysis has determined to be important.
--assess policies & procedures. compare with other organizations.
--test the quality