Thursday, August 25, 2005

BBC News Understands Risk

This evening I watched a story on BBC News about the problem of bird flu. Here is the story broken down in proper risk assessment language.

  • Two assets are at risk: human health and bird health. We'll concentrate on birds in this analysis. Healthy birds are the asset we wish to protect.

  • The threat is wild migratory birds infected by bird flu.

  • The threat uses an exploit, namely bird flu itself.

  • The vulnerability possessed by the asset and exploited by the threat is lack of immunity to bird flu.

  • A countermeasure to reduce the asset's exposure to the threat is keeping protected birds indoors, away from their wild counterparts.

  • The risk is infection of domesticated birds by wild birds. All infected birds must be killed.


The TV story I watched contained this quote by reporter Tom Heap:

"The lesson learned from foot-and-mouth [disease, which ravaged Europe several years ago] is to do your best to keep the disease out, but assume that will fail. Be ready to tackle any outbreak to prevent an epidemic."

Let's replace certain terms with the security counterparts:

"The lesson learned from the last time we were compromised is to do your best to keep intruders out, but assume that will fail. Be ready to respond to any intrusion to prevent complete compromise of the organization."

This is the power of using proper terminology. Lessons from other scientific fields can be applied to our own problems, and we avoid re-inventing the wheel.

3 comments:

pvaneynd said...

Of course the only way to 'tackle' a foot-and-mouth outbreak is to remove the vectors the disease uses. I remember the pyres well. And that was considered conservative in Belgium, where for bird flu the reaction is rather massive.

I see a problem in trying to convince management that the correct way to respond to a virus outbreak is to shut down the computers. The problem is that most companies do not have the bio-diversity or redundancy to survive an outbreak. They cannot just switch to using Macs or Unix machines which would save them from the current problems.

Introducing firewalls or limiting traffic is just like imposing a ban on moving cattle: ineffective.

Me, I would start looking at using iSeries with 3270 terminals (true terminals, no PCs).

Anonymous said...

This comment has been removed by a blog administrator.

Richard Bejtlich said...

Let's keep the language clean, please.