With online security, it's best to always prepare for the worst

Dr Daniel Tse Woon-kwan, Instructor, Department of Information Systems at City University of Hong Kong

By using risk management techniques we can reduce the likelihood that we’ll be hit by hackers and internet crimes


Computer security breaches are becoming more and more severe nowadays. Internet crimes are pervasive and have spread into all walks of life.

Although there are security experts who help us by providing valuable advice, and we can buy products that can prevent security breaches, hacking techniques have also improved a lot.

As a result, the black-hat and white-hat camps are at war. In truth, there is no perfect cure for computer security protection.

The most prudent approach is to prepare for the worst. Before we can do so, we have some tasks to do.

These tasks are collectively known as risk management. In computer security, risks are the threats that we have to remove as soon as we can. Some risks cannot be eliminated, and so we have to manage them accordingly.

The first task in risk management is risk identification. We need to find out all possible threats facing us. These can be caused by humans (either through carelessness or intentional acts) or nature (e.g. acts of God). For example, we leave our phone on the bus, or receive malware after playing an online game.

After all the threats have been listed, we move on to risk analysis, where we rank the threats in order of priority, according to how likely each is to occur.

For example, if you are absent-minded when you play online games, there is a bigger chance that you will leave the phone on the bus than receive malware. Using this prioritised list, we can spread our efforts appropriately to counteract the threats. This is the third task: risk control.

There are five risk control strategies: defend, transfer, mitigate, accept, and terminate. Each risk may call for a different control strategy.

The choice of risk control strategy depends on the nature and the possibility of that risk. So if the risk of receiving a junk message is not that high, and the impact is not too severe, we can “accept” it.

If losing a phone is highly possible and the impact is severe because of privacy issues, we can “mitigate” the risk.

In the mitigate strategy, we should have a contingency plan. Perhaps this would mean using the remote deletion function to erase content on the phone.

So take care, and prepare for the worst.
