Ranking Threats by Decreasing Risk
For each asset in your Commerce Server installation, prioritize possible threats by determining the following:
- What is the chance of an attack occurring? That is, how much effort, cost, or time would be required to mount the attack? (1 = high chance, 10 = low chance)
- What is the cost or damage to your site if an attack occurs? (1 = little damage, 10 = massive damage)
- Risk = Damage if an attack occurs / Chance of attack. (1 = little risk, 10 = massive risk)
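The ranking described above can be kept as a small threat register and sorted by the page's formula. The following is an added example, not part of the original Commerce Server documentation; the asset names, threat descriptions, scores, and the tie-breaking rule (higher damage first, then higher chance) are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    asset: str
    threat: str
    chance: int  # page's scale: 1 = high chance of attack, 10 = low chance
    damage: int  # page's scale: 1 = little damage, 10 = massive damage

    def __post_init__(self):
        # Reject scores outside the 1-10 scales so a typo cannot skew the ranking.
        for name in ("chance", "damage"):
            value = getattr(self, name)
            if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{name} must be an integer from 1 to 10, got {value!r}")

    @property
    def risk(self) -> float:
        # Risk = Damage if an attack occurs / Chance of attack.
        # With both inputs on 1-10, the quotient falls between 0.1 and 10.
        return self.damage / self.chance


def rank_by_decreasing_risk(threats):
    """Highest risk first. Tie-break (an assumption): more damage, then more likely."""
    return sorted(threats, key=lambda t: (-t.risk, -t.damage, t.chance))


# Constructed sample register; every entry and score here is illustrative only.
REGISTER = [
    Threat("Catalog database", "Unauthorized read of catalog data", chance=2, damage=8),
    Threat("Order pipeline", "Tampering with order totals", chance=3, damage=6),
    Threat("Admin console", "Misuse of administrator account", chance=5, damage=10),
    Threat("Marketing content", "Defacement of static pages", chance=4, damage=2),
    Threat("Profile store", "Bulk export of customer profiles", chance=8, damage=9),
]

if __name__ == "__main__":
    for rank, t in enumerate(rank_by_decreasing_risk(REGISTER), start=1):
        print(f"{rank}. risk={t.risk:5.2f} damage={t.damage:2d} "
              f"chance={t.chance:2d}  {t.asset}: {t.threat}")
```

Because the chance scale is inverted, a threat with massive damage but a low chance of attack (the profile store entry, 9 / 8) ranks below a moderately damaging threat that is easy to mount (the order pipeline entry, 6 / 3).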
To reduce the risk to your Commerce Server installation, address the high-risk items first. When you do this, keep in mind the industry statistics in the following table, which shows the current distribution of vulnerabilities by cause for seven major threats.
|Vulnerability|Percentage of attacks|
|Restrictions that can be bypassed|20|
|Incorrect control marking|10|
|Other implementation error|18|
Copyright © 2005 Microsoft Corporation.
All rights reserved.