RISK ASSESSMENT 
Task 1. Read and translate the text:
Завдання 1. Прочитайте і перекладіть текст:
I. Risk assessment should be among the first steps in your design process, and will help you frame your further efforts to design a ... (систему безпеки). Making risk assessment a priority will also help you ... (переконати) your executive officers to be both informed about and integral to the beginnings of your securely designed project. During the risk assessment phase of design, you may find important supporters and champions among the executive officers: you should actively recruit their participation if they're not ... (ще не залучені).
II. Business majors and MBAs already know about the managerial aspects of risk assessment. This methodology is heavily used in most ... (офіс), especially with respect to business planning. Risk assessment is no less important in secure, ... (добре розробленому програмному забезпеченні) or applications development projects. Take advantage of the fact that your managers and executives are probably already familiar with ... (методикою оцінки ризиків). Armed with a common language and methodology, you can inform your managers of the relative risks to which the application exposes you or your customers, and you can additionally leverage their and buy-in. This will help you in the end: if there should ever be an attack on your application, you will already have a champion to go to bat for the ... (цілісність) of your application and the care with which it was designed.
III. The basic steps of risk assessment are as follows:
1. Identify protected resources
2. Assign relative value
3. Identify possible attackers
4. Estimate relative frequency of each kind of attacker
5. Carry out attack tree analysis (Identify possible attack routes)
6. Protect all possible attack routes (Protect attack routes)
IV. Protected resources include things like your customer database, customer credit card information, or personal information. If you thought about the policies regarding the privacy, disposition and handling of customer information and other social and legal issues you would understand that your risk assessment process ... (залежить більшою мірою) on such things. Your executive managers must be involved in deciding these policies.
V. For each resource, assign it a relative value (i.e. your customer credit card database will probably be more valuable than your vendor contact list). Next, ... (визначте) possible attackers. Frequent examples are the bored teenager, the disgruntled ex-employee, the corporate spy, or the government intelligence agent.
VI. Estimation of the skill, frequency and methods of the attacker all belong to a related process to risk assessment which Bruce Schneier calls 'attack tree analysis'. This process helps to formalize what's otherwise a significantly subjective process of analysis and assessment, and can help to prioritize your project's security goals. If you saw chapter 21 of Bruce Schneier's book: Secrets and Lies: Digital Security in a Networked World you could know more about attack trees. A ... (дуже рекомендований) resource on all of digital security.)
VII. Once you knew what routes or attack you should be ... (захищати) (from your attack tree analysis), you would already organize information about the ... (вид безпеки) you need to implement in your design. You may also find that this information will be helpful in writing security and privacy policies to accompany your application design efforts.
VIII. Please be very careful ... (виконуючи) your own research about risk assessment. It is very easy to confuse this process with another process, usually called 'security assessment'. A risk assessment is a process that people undertake (sometimes aided by organization-enhancing software) to determine risks surrounding their specific efforts. On the other hand, there are many software tools available for ... (оцінки безпеки) that will analyze your network and servers for known vulnerabilities.
IX. Three tips for using these kinds of software tools: 1) if you research the producing company carefully you will be sure you can trust them with the necessary access privileges before (установки програмного забезпечення) up mi your network, 2) test the tool in an isolated testing environment ... (до його застосування), and 3) strongly consider petitioning your internal Information Technology department or Help Desk for permission to run this kind of tool on your company's internal networks. Security assessment tools can he useful, but can not be 100% effective, and though they may help you do risk assessment for extant problems with existing software, they will not be able to ... (працювати замість вас) in regard to designing and developing new software and applications.
Task 2. Find the Russian equivalents:
Завдання 2. Дайте визначення наступним термінам по-російськи:
risk, assessment, attack tree analysis, customer database, security assessment, relative value, access privileges.
Task 3. Are the statements given below true or false? :
Завдання 3. Визначте істинність або хибність наступних пропозицій:
1. During the risk assessment phase of design, you may not find important supporters and champions among the executive officers.
2. Risk assessment is less important in secure, well designed software or applications development projects.
3. If there should ever be an attack on your application, you will already have a chance to go to bat for the integrity of your application and the care with which it was designed.
4. Protected resources include things like your customer database, customer credit card information, or personal information.
5. Your vendor contact list will probably be more valuable than your customer credit card database.
Task 4. Complete the sentences:
Завдання 4. Завершіть пропозиції:
1. Making risk assessment a priority will also help you ....
2. If there should ever be an attack on your application, ....
3. Protected resources include things like ....
4. .... which Bruce Schneier calls 'attack tree analysis'.
5. .... you would already organize information about the kind of security you need to implement in your design.
6. It is very easy to confuse ....
7. A risk assessment is a process ....
Task 5. Translate the sentences given below into English:
Завдання 5. Переведіть з російської на англійську:
1. Оцінка ризику - це процес, який люди затівають (іноді за допомогою особливого програмного забезпечення) з метою визначення можливих ризиків для їх професійної діяльності.
2. Існують також спеціальні комп'ютерні програми, здатні оцінити безпеку, перевіряючи мережу і сервери на можливі поразки.
LESSON 20 | Завдання 1. Прочитайте і перекладіть текст | What You Ought To Do. | Task 4. Say whether the statements given below are true or false. | LESSON 22 | Task 2. Answer the following questions. | LESSON 23 | LESSON 24 | HOW TO PROTECT AGAINST SHADOW DATA SECURITY | I. Basic Terminology |