In today’s modern world, the task of threat and risk assessment is based on prior experience and history. It is human nature to be limited in our imagination by prior experience. When identifying the threats to your business and systems, you need to have an imagination on the possibilities that could happen.

Threat and Risk assessment war stories

Potential risks are identified based on prior experiences. This can have two, converse and opposed, results. Either the threat is protected against, resulting in a weakness elsewhere, or there is a complacency that the threat could no longer be a risk.

In Japan, the Fukushima nuclear power plant was designed to withstand an earthquake of magnitude 7.9 – based upon analysis of the “worst case scenario” of the local conditions. When they were hit by a 9.0 magnitude quake, the plant was obviously not designed to take that level of damage.

When the World Trade Centre twin towers were built in New York in the ’70s, they were designed to withstand the impact of an airplane. However, they based this on the premise that the plane would be a small craft flying at low speed and low on fuel.

In one of my customers, they had implemented Microsoft Failover Clustering for a consolidated fileserver to maximise uptime. During the transition of multiple systems over to the cluster, a department head decided to remove the permission of “Administrators” to access ‘their’ data. This caused Cluster Manager to consider the share to be inaccessible and so failed over. Every 5 seconds.

Back in Novel Netware days, a company I worked at had implemented a cluster with two nodes – but they were a few feet apart, and in the basement. There was a flood, so both were lost. Then they separated them (by fibre – very expensive at that time) on to two floors – but they were lost again by a fire. Each time they had planned for the worst disaster they could imagine, but the reality exceeded their planning.

READ ARTICLE:   Backup for cloud

Think back to almost any virus outbreak (digital or biological) and you will identify that the vector of attack was previously not thought of being a risk – Office document Macros, USB key autorun, avian/swine flu, SSL session heartbeats, buffer overflows.

NASA negative thinking

One method to consider potential threats and risks is to use NASA Negative thinking techniques – what could possibly  go wrong here – with this process, component or system. Then, from the list of the most negative thing that could be considered, strategies and backup plans can be identified.

Share this knowledge