Ranking Threats by Decreasing Risk

Commerce Server 2002

For each asset in your Commerce Server installation, prioritize possible threats by determining the following:

  • What is the chance of an attack occurring? That is, how much effort/cost/time would be required to mount the attack? 1 = high chance, 10 = low chance
  • What is the cost or damage to your site if an attack occurs? 1 = little damage, 10 = massive damage
  • Risk = Damage if an attack occurs / Chance of attack. 1 = little risk, 10 = massive risk
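
The following Python example is added here and is not part of the original page or of Commerce Server. It applies the formula above to a constructed threat register and sorts it by decreasing risk. The assets, threat names, scores, and the names `Threat`, `REGISTER` and `rank_by_decreasing_risk` are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    asset: str
    name: str
    chance: int  # page's scale: 1 = high chance of attack, 10 = low chance
    damage: int  # page's scale: 1 = little damage, 10 = massive damage

    def __post_init__(self):
        # Reject scores outside the 1..10 scale used on the page.
        for field in ("chance", "damage"):
            value = getattr(self, field)
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{self.name}: {field} must be an integer 1..10, got {value!r}")

    @property
    def risk(self) -> float:
        # Page's formula: Risk = Damage / Chance. Chance is scored inversely
        # (1 = most likely), so a smaller divisor yields a higher risk.
        # With both inputs in 1..10 the raw ratio falls between 0.1 and 10.
        return self.damage / self.chance


def rank_by_decreasing_risk(threats):
    # Highest risk first. Ties go to the larger damage score, then to the
    # more likely attack (lower chance score), then to the name for stability.
    return sorted(threats, key=lambda t: (-t.risk, -t.damage, t.chance, t.name))


# Constructed sample register (hypothetical assets and scores).
REGISTER = [
    Threat("Catalog database", "Argument checking flaw in search input", chance=2, damage=9),
    Threat("Order pipeline", "Restriction on price field can be bypassed", chance=3, damage=6),
    Threat("Admin site", "Incorrect permissions on management pages", chance=1, damage=8),
    Threat("Web server", "Defacement of static pages", chance=5, damage=3),
    Threat("Profiles store", "Insider export of customer records", chance=8, damage=10),
]

if __name__ == "__main__":
    for t in rank_by_decreasing_risk(REGISTER):
        print(f"{t.risk:5.2f}  {t.asset:<18} {t.name}")
```

The highest-damage entry in this sample (damage 10) ranks fourth because its chance score of 8 marks it as unlikely, which is the effect of dividing by the inverted chance scale.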

To reduce the risk to your Commerce Server installation, address the high-risk items first. When you do this, keep in mind the industry statistics in the following table. They show the current distribution of vulnerabilities, by cause, for seven major threats.

Vulnerability                        Percentage of attacks
Restrictions that can be bypassed    20
Argument checking                    19
Unchecked buffer                     18
Incorrect control marking            10
Incorrect permissions                9
Architectural error                  6
Other implementation error           18

See Also

Identifying Techniques that Mitigate Threats

Copyright © 2005 Microsoft Corporation.
All rights reserved.