Consultant-speak about risk (one common version, anyhow)
Risk = ARO * SLE
ARO : The estimated Annual Rate of Occurrence associated with exploitation of a given vulnerability
SLE : The estimated Single Loss Expectancy associated with the occurrence of such an incident
People have a tendency to underestimate risk
Project TICOM: Nazi cryptographers understood that Enigma was breakable, but never
anticipated that anyone would go to the immense trouble of breaking it.
Lame Excuses:
No one will do that!
Why would anyone do that?
(see Howard & LeBlanc)
Security by Obscurity: The false belief that hiding stuff is a trustworthy
strategy for controlling ARO.
This page is maintained by Foofus. Please direct comments and questions to
foofus <at> foofus.net.