Security threats and risks

work group

عفاف عوض الحربي

غادة عبدالله اللقماني

جواهر عياد اللهيبي

وعد عبدالعزيز الصاعدي

 

 

Security Overview

Background

Any organization that has a computer system and sensitive information wants to protect that information.

This section of this paper focuses on the background of security. It also looks at the importance of planning for possible threats and defining policies to limit the vulnerabilities that exist in a system and its security policies.

The greatest threat to computer systems and their information comes from humans, through actions that are either malicious or ignorant. When the action is malicious, some motivation or goal is generally behind the attack. For instance, the goal could be to disrupt normal business operations, thereby denying data availability and production. This could happen between two rival companies or even as a hoax. Here is a real life example:

April 13, 2000, 3:55 P.M. Pacific time: The Web site for the Motion Pictures Association of America (MPAA) is suffering intermittent outages, and the organization suspects computer vandals are to blame. A source inside the organization, who asked not to be identified, said that the MPAA is currently "experiencing problems with their public Web site, and they suspect a denial-of-service attack." The attack was first rumored on http://www.hackernews.com/, a Web site for news on computer hacking.

To achieve their goals, attackers use well-known techniques and methods to exploit vulnerabilities in security policies and systems. The next section on security deals with the general threats associated with computer systems and discusses the motives or goals the attackers have, techniques and methods for gaining access, and the various vulnerabilities that could exist in systems and security policies.

Not all threats, goals, vulnerabilities, and methods are discussed because they are so numerous and they differ for each situation, organization, and system. Instead of identifying each, the section on threats presents a guideline outlining how to identify various threats, methods, and vulnerabilities that exist in systems.

Defining Security

Computer security means to protect information. It deals with the prevention and detection of unauthorized actions by users of a computer. Lately it has been extended to include privacy, confidentiality, and integrity.

The Need for Security:

Administrators normally find that putting together a security policy that restricts both users and attacks is time consuming and costly. Users also become disgruntled at the heavy security policies making their work difficult for no discernible reason, causing bad politics within the company. Planning an audit policy on huge networks takes up both server resources and time, and often administrators take no note of the audited events. A common attitude among users is that if no secret work is being performed, why bother implementing security.

There is a price to pay when a half-hearted security plan is put into action. It can result in unexpected disaster. A password policy that allows users to use blank or weak passwords is a hacker's paradise. No firewall or proxy protection between the organization's private local area network (LAN) and the public Internet makes the company a target for cyber crime.

Organizations will need to determine the price they are willing to pay in order to protect data and other assets. This cost must be weighed against the costs of losing information and hardware and disrupting services. The idea is to find the correct balance. If the data needs minimal protection and the loss of that data is not going to cost the company, then the cost of protecting that data will be less. If the data is sensitive and needs maximum protection, then the opposite is normally true.

Now we specify defined security in threats and risk:

A security threat:

 is any incident or confrontation that jeopardizes security, which, defined by the Collins English Dictionary, is “precautions taken to ensure against theft, espionage, etc.” The U.S. Department of Homeland Security is the United States’ program against security threats.

Security Threat Types:

Environmental Threats

        Environmental threats are facets of your environment that pose a security risk. If out on the town, environmental threats might include a poorly lit alley or the kind of crowd through which you're moving. An environmental threat for a secure facility might be a tree with a branch that grows past a perimeter fence.

Awareness is the best safeguard against environmental threats. Recognizing them is the first step in forming a plan to meet and mitigate the problem.

Physical Threats

               Physical threats are real and often immediate threats to your well-being, the structure of a facility or to maintaining possession of an asset. A mugger is an example of a physical threat on your person, as is an oncoming car.

Physical threats are best dealt with via direct action. The safest personal response is to leave the area and call the authorities. If you cannot safely do this or live in an area where authorities aren't responsive, you may require the services of a private security firm.

Information Threats

      Information threats are "leaks" of knowledge that could be used to create a security breach. At the national security level, these threats are dealt with via active anti-hacking teams and by keeping sensitive information in the hands of trustworthy personnel. At the personal level, you handle information threats by keeping your passwords and pin numbers secret. If you fear there has been an information security breach in your area, you should notify everybody concerned and immediately change as much information as you can to render the leaked information useless.

Passive Threats

         A passive threat is a threat that hasn't yet happened - an opportunity for somebody to take advantage. Some environmental threats are also passive threats, as are breaches in security protocols for information or physical security. Security consultants make their living by identifying passive security threats and recommending ways to alleviate them, such as better lighting, security cameras and altered business protocols.

Aggressive Threats

        An aggressive threat is somebody actively attempting to breach your security, such a a hacker, burglar or attacker. On-site security is the best countermeasure for facilities at a high risk for aggressive threats. For everybody else, the safest course of action is identical to your response to a physical threat: Leave the area as quickly as possible and immediately notify the appropriate authorities.

 

What Is Threat Assessment   

According to the U.S. Secret Service, threat assessments are completed to judge the chances of violent acts taking place against property or public officials. Threat assessments identify, assess and show how to manage those with the ability to commit acts of violence.

Types of Threat Assessment

Anyone who has watched the news knows that there are many kinds of threats to the public safety and welfare: national security threats from hostile nations and terrorist organizations, environmental threats to the air, water and soil and threats of targeted violence from would-be assassins. Correspondingly, there are many individuals whose job involves threat assessment, and these include FBI officers, local police, intelligence agents and environmental hazard analysts.

Targeted Violence

        Secret Service agents and other federal and local law enforcement officers are frequently assigned the task of assessing a threat of targeted violence. This is done through gathering of intelligence about the suspect's personality, possible motivations and capacity to carry out a violent intention. Some of the indications of a serious threat include a suspect attempting to arm him or herself, expressing an inappropriate and ongoing interest in a protected person and engaging in violent behavior towards friends or family.

National Security

        Intelligence agents are those who have the primary responsibility for assessing threats to national security such as those emanating from terrorist organizations. This process involves monitoring suspected individuals and organizations through intelligence networks and analyzing the data to find patterns which predict threats.

Environmental Hazards

·         An environmental analyst assesses threats from hazardous materials or other pollutants in the air, water and soil. For instance, this may take the form of an assessment of the threat posed to a town or city from a chemical or nuclear plant. Occupational hazards to employees constitute another type of threat that such professionals may assess.

Computer Security Threats

Computer security threats are relentlessly inventive. Masters of disguise and manipulation, these threats constantly evolve to find new ways to annoy, steal and harm. Arm yourself with information and resources to safeguard against complex and growing computer security threats and stay safe online.

Threats and risks faced by the systems and information security:
There are a lot of threats and risks facing the information security and can be divided into two main sections:
1. Department often cannot predictable and not human hands which is the Department of the threats and risks resulting from natural disasters.
2. The offending section is the result of human neglect him or works of his hands making different intentions and goals.

First: Section threats and risks resulting from natural disasters:
Of the most important threats resulting from natural disasters as follows:
1. High temperature:
It is well known that high temperature adversely affect the performance of electronic devices, storage devices and treatment, so it is important to put the devices in places and cold stores.

2. Earthquakes and seismic:
The seismic disaster and earthquakes that may result in significant damage. So you should take preventive measures, including the failure to put the devices in places to be eligible for the fall.

3. Fire:
Fires a variety of reasons, some of which may result from negligence may lead to damage to the full when they occur. The fire detection devices is a prerequisite in any facility to remedy the situation early and minimize losses.

4. Floods:
The water from entering the devices may lead to damage and therefore damage to data and information stored inside and the inability to retrieve.

5. Power outage:
Outage could lead to the closure of the device is safe, and may lead to loss of some information that was stored. Owners must secure a backup generator to avoid damage caused by interruptions.

Second: Department of the threats and risks of man-made

This section falls below many threats that are increasingly serious and complex day after day. The most important of these threats include:
1. Malware (Malware):
As defined by Wikipedia, it means: "code cunning or malignant, a program dedicated to infiltrate computer system or destroy it without the consent of the owner and that was installed malware it is very difficult to remove. According degree program can range from harmless inconvenience simple (some windows unwanted advertising through the work of the user on the computer is connected or not connected to the network) to harm beyond repair requires reformatting the hard drive,

for example,
Also during this malware can the person who sent it to get confidential information or change of such information without the owner of the device senses this. And falls under this type of software are many examples of the best known viruses, and Trojans. In the case of organ injury this malware completely removed is never an easy thing.

2. Social engineering:
The most popular methods currently used and their employees seeking to obtain certain confidential information through social relations and methods. He raised questions and identity theft and send e-mail messages and phone calls, track user time entered her password and search in the trash papers that contain important information is one of the means by which they are social engineering .

3Neglect and staff at the facility
Negligence may cause employees to leak important information which may leave his machine open and out of the office, leaving the other opportunity to infiltrate and get what he wants. Or may leave the password written next to the device or in an unsafe place Visttia someone else's knowledge, to other types of neglect.

4. Disgruntled employees or hate working in the facility:
One of the most serious threats are those that come from staff established themselves because they know people security systems used in them and let them know the existing gaps. Care must be taken and caution them and treated by gentle persuasion so as not to inflict damage on the facility. Upset caseworker or be expelled from his work may leave the rear doors in the system (backdoors) allow him to enter and destroy the system and disable it out of revenge.

5. Human errors:
Rights may be wrong and may inadvertently delete data or stored incorrectly or may enter the wrong data to the system result in wrong decisions.

6. Gaps in the system:
Weaknesses and imbalances in the system that allow hackers to reduce the security of the system through it. And can penetrating through the gaps that do a lot, he can change the password and thus the primary user can not access their account, and in some cases can be controlled in full control device to the other damage that may be caused by the presence of these gaps .
Also falls under this section theft and electronic theft and extortion to get the information.
Some of the implications of those risks when they occur .

 

Things that have on those threats and risks such as:
1. Corrupt data stored or damage to the whole or a part of it.
2. Loss of the evidence for confidentiality in the event informed unauthorized person.
3. Change information stored by penetrating and thus lose their accuracy and confidentiality of the information.
4. Change word Almrro by penetrating and thus can not account holder access to their account and access to information that is supposed to reach it and seen it.

How Security Threats Effect PC Performance:

Security threats are everywhere - spyware and adware installed inadvertently over the internet, viruses transmitted through email, key loggers penetrating your firewall, malicious code broadcast over peer-to-peer networks. Here are five threats that will reduce system performance, destabilize your system, generate unusual behavior, modify your Windows Registry and hog your Internet bandwidth.

Security threats are everywhere:

The Sources: software downloads, peer-to-peer networks (e.g., Kazaa), floppies, CD or DVDs, emails and their attachments, chat rooms, your colleagues on the network and the Internet in general.

The Threats: spyware and adware installed inadvertently over the internet, viruses transmitted through email, key loggers penetrating your firewall, malicious code broadcast over peer-to-peer networks.

Aside from the threat to the safety of your data, malware can have serious effects on your system and resource performance. Even your internet connection and network bandwidth can be at risk.

The most important types of computer security threats:

Spyware

 

Spyware is software that has the capability to scan computers or monitor activity and relay information to other computers or locations in cyberspace. Among the information that can be actively or passively gathered and disseminated by spyware are passwords, log-in details, account numbers, personal information, and individual files or other personal documents. Spyware can also gather and distribute information related to the user’s computer, applications running on the computer, and Internet browser usage or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a computer known to the user. Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user might unknowingly receive and/or trigger spyware by accepting an End User License Agreement from a software program linked to the spyware or from visiting a Web site that downloads the spyware with or without an End User License Agreement.

A survey in late 2004 examined the prevalence of spyware on consumer PCs. This survey found that more than two-thirds of all computers surveyed had some form of spyware present, commonly with multiple forms or variants present on a single computer. The burgeoning growth of these risks has reached such proportions that the Electronic Privacy Information Center (EPIC) has listed the need for antispyware, antivirus, and firewall software as the no. 3 item on their "Top Ten Consumer Privacy Resolutions."

Adware                                                         

Adware is designed to deliver advertising content to a user, often mining the user’s browsing habits to provide directed advertising of products or services the user is most likely to want. As a result of this practice, many users see this type of software as somewhat innocuous, without realizing that this information is being gathered and may be sent to other parties elsewhere without their consent. Spammers often buy lists compiled by such programs to target a flood of unsolicited email to the user’s address.

Browser-hijacking adware programs can redirect a user’s home page to a different site, intercept search engine, or browsing URLs, and redirect the user to alternate locations or otherwise attempt to control the user’s Web browser client. Programs such as Xupiter and CoolWebSearch are examples of this type of adware.

Worms

One of the most harmless threats where it is program designed only to spread. It does not alter your system to cause you to have a nightmare with your computer, but it can spread from one computer to another computer within a network or even the internet. The computer security risk here is, it will use up your computer hard disk space due to the replication and took up most of your bandwidth due to the spread.

Hack Tools

These are tools that a hacker or unauthorized user can use to attack, gain unauthorized access to, or perform identification or fingerprinting of your computer. Hack tools generally do the following:

·         Attempt to gain information on or access hosts surreptitiously, utilizing methods that circumvent or bypass obvious security mechanisms inherent to the system they are installed on.

·         Facilitate an attempt at disabling a target computer, preventing its normal use.

·         Facilitate attacks on third-party computers as part of a direct or distributed denial-of-service attempt.

One example of a hack tool is a keystroke logger, a program that tracks and records individual keystrokes, and can send this information back to the hacker.

Joke Programs

Mostly harmless, these programs generally create distractions by causing animated characters to wander around a user’s screen randomly or by interrupting normal operations to display a fake computer crash message. Such programs are typically benign but can cost a business a great deal of lost time trying to eliminate programs from infected hosts.

Dialers

Dialers are a form of risk that intercept connectivity requests to a user’s normal ISP and instead dial on their own to connect a user to an alternate phone service. Often these numbers are long-distance calls, sometimes dialing numbers with exorbitant per-minute toll fees. Although decreasing in number due to the expansion of cable modem and DSL broadband connectivity, these programs can cost users money and effort, and can also endanger user information.

Remote Access

Remote access programs allow an unauthorized user or remote terminal to interact with a user’s desktop or other devices connected to a running computer. Some of these programs relay the desktop to a remote viewing client so that the originator can observe exactly what the user sees. Others actually allow the originator to take over a user’s console by entering keystrokes or moving the mouse as if the hacker were sitting at the compromised computer’s console.

A few of these programs can be used to surreptitiously access a computer’s attached devices, such as webcams and microphones, to better spy on users without alerting them to this behavior. Although there are a number of valid uses for remote access clients in the modern business environment, most of these programs hide their existence from the user and can present an extreme risk to users working with sensitive or protected information, trade secrets, or other similarly valued dat

Top Security Threats from Spyware:

As a consultant, you are privy to sensitive client data. It may be stored on your business computers, along with information, passwords and account numbers from your own business. And that makes you vulnerable to security risks, such as identify theft. Using spyware, cyber thieves are watching your every move, and are ready to steal valuable data from your computer. What threat does spyware pose to your consulting business?

Nuisance

Perhaps the least destructive type of spyware is the one that allows adware to be displayed on your computer screen. It takes up valuable memory, slows your connection, or can simply reset your home page to another site. None of these are desirable actions but they are also typically little more than an annoyance. Their threat level is low but it does still pose a risk. If this type of spyware makes it onto your computer system, it can also open the door to a more malicious version of spyware which can cause significant damage.

Tracking

Many spyware programs are designed specifically to monitor and record your behaviors, such as track websites you visit online, or monitor your use of other web-based programs. Again, the threat level is low, unless the program uses the information to also record data you are providing to the other sites.

 

Redirecting URLs

Spyware programs are also capable of redirecting your computer to a particular website, regardless of what URL, or website address, you type. By redirecting a URL, it can mean lots of extra money for a cyber crook. That's because businesses, legitimate and otherwise, often pay money for every visitor that's directed to their site. Using spyware is a quick, but illegal means to provide lots of visitors. Additionally, spyware could redirect you to a site that loads more dangerous spyware programs onto your computer. Again, it's a low-level risk that could become dangerous if it perpetuates the loading of more intrusive programs onto your system.

 

Shutting Down Systems

Spyware is also capable of activities such as completely shutting down your computer, or permanently erasing or damaging files. Valuable client files could be destroyed in a blink of an eye, making this type of spyware threat high-risk.

 

Acting as a Controlling Server

Another high-risk threat is spyware's ability to use your computer as a server. The spyware embeds itself in your computer and then acts as a remote server to distribute other harmful programs or images, without your permission. Suddenly, your computer is the vehicle for delivering malicious programs.

 

Identity Theft

Perhaps one of the highest risk activities of spyware is the fact that it allows your keystrokes to be logged. In other words, the software records pertinent information as you type it, such as passwords and credit card account numbers. Once that data is sent back to the spyware's originator, the cyber thief can do a great deal of financial damage to your company, or your clients' companies.

Top Security Threats and Risks

There are many threats and risks associated with moving to cloud, so users and agencies need to evaluate their risk tolerance up front and also ensure that cloud providers are giving clear and documented service level agreements and security protection.أعلى النموذج

Cautions and Considerations

The evaluation of security procedures and processes is crucial when an agency considers a move to the cloud. There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing Software-,Platform-, or Infrastructure-as-a-Service via the cloud) and security issues faced by their customers. In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.

Insecure Interfaces/ APIs

It is important to evaluate application program interfaces before making a decision about your agency's cloud risk. Make sure cloud providers actually ensure strong authentication, access control, and preferably use encrypted transmissions.

Data Loss/Leakage

Always encrypt your data while at rest, if you can do it, do it in flight and in use as well. Implement strong key management life-cycle practices and if possible, contractually demand providers to wipe persistent media before they release it back into the shared storage pool. And you want to make sure that the provider specifies the backup and retention strategies as well.

Account Service Hijacking

Agencies and organizations need to ensure credentials that are being used for authentication are not being shared. Also, it is important to have the cloud provider’s security policies and service level agreements reviewed and documented to make sure that the production results fit within the tolerance of your risk profile.

How to Assess Home Security Risk:

Home network security is not something to be taken lightly. By analyzing your antivirus, firewall and file encryption, you can determine if your personal information is at risk for an Internet attack.

Instructions

o    1

Download and install an antivirus software program, if you are not currently running one. Look for software that conducts a real-time scan, will monitor email attachments, as well as do a full scan of your computer at least once a week. Recommended is Avast, Home Edition.

o    2

Configure your personal firewall. If you are running a Windows-based machine, you can configure the built-in Windows Firewall under your Control Panel. Open your Control Panel, then select "Security Center." From there you can customize your firewall options.

o    3

Ensure that your Internet browser's phishing filter is turned on. Internet Explorer 8 has a built-in filter, which can be customized by opening the tools menu bar and selecting the phishing filter option. Firefox 3 also has a built-in filter that is by default turned on. You can customize your filter options by going to the Tools menu, and selecting "Options" > "Security."

o    4

Online transactions can be a large security risk. When beginning an online transaction, make sure the browser and site are secure. You can identify the security of a website by looking at the URL and locating the "https://" in the address. The "s" assures that the site takes extra precautions in encrypting and safekeeping of your information.

How to secure your PC in 10 easy steps:

1)      Encrypt your network connection

2)      Encrypt sensitive files stored locally

3)      Encrypt private information stored in the cloud

4)      Use a free VPN service to protect public Wi-Fi connections

5)      Prevent keystroke loggers, other data snoops

6)      Perform a manual virus scan with the free Malware bytes Anti-Malware

7)      Disable images in e-mail

8)      Be wary of e-mail attachments

9)      Destroy old data

10)  Use a standard (no administrator) account in Windows.

 

 

Conclusion:
Day after day, getting used complex systems and therefore more difficult to protect those systems and the preservation of information within the devices safely. With all these threats surrounding it cannot reach a state of full protection and security, but must take all precautions and prevention, we can avoid some of those threats and minimize the damage resulting from the others as soon as they occur.

Risk analysis and protection needs

Human rights defenders’ work can have a negative impact on specific actors’ interests, and this can in turn put defenders at risk. It is therefore important to stress that risk is an inherent part of defenders’ lives in certain countries.

The issue of risk can be broken down in the following way:

Analyse main stakeholders´ interests and strategies -> Assess impact of defenders´ work :on those interests and strategies -> Assess threat against defenders -> Assess :vulnerabilities and capacities of defenders -> Establish Risk

In other words, the work you do as a defender may increase the risk you face.

·         What you do can lead to threats

·         How, where, and when you work raises issues about your vulnerabilities and capacities.

There is no widely accepted definition of risk, but we can say that risk refers to possible events, however uncertain, that result in harm.

In any given situation, everyone working on human rights may face a common level of danger, but not everyone is equally vulnerable to that general risk just by being in the same place. Vulnerability - the possibility that a defender or a group will suffer an attack or harm - varies according to several factors, as we will see now.

An example:

There may be a country where the Government poses a general threat against all kinds of ::human rights work. This means that all defenders could be at risk. But we also know ::that some defenders are more at risk than others; for instance, a large, well ::established NGO based in the capital will probably not be as vulnerable as a small, ::local NGO. We might say that this is common sense, but it can be interesting to analyse ::why this happens in order to better understand and address the security problems of ::defenders.

The level of risk facing a group of defenders increases in accordance with threats that have been received and their vulnerability to those threats, as presented in this equation :

RISK = THREATS x VULNERABILITIES

Threats represent the possibility that someone will harm somebody else‘s physical or moral integrity or property through purposeful and often violent action . Making a threat assessment means analysing the likelihood of a threat being put into action.

Defenders can face many different threats in a conflict scenario, including targeting, common crime and indirect threats.

The most common type of threat – targeting - aims to hinder or change a group's work, or to influence the behaviour of the people involved. Targeting is usually closely related to the work done by the defenders in question, as well as to the interests and needs of the people who are opposed to the defenders´ work.

Defenders may face the threat of common criminal attacks, especially if their work brings them to risky areas. Many cases of targeting are carried out under the guise of being ‘ordinary’ criminal incidents.

Indirect threats arise from the potential harm caused by fighting in armed conflicts, such as ‘being in the wrong place at the wrong time’. This applies specially to defenders working in areas with armed conflict.

Targeting (targeted threats) can also be seen in a complementary way: Human rights defenders may come across declared threats, for example by receiving a death threat (see Chapter 3, for how to assess declared threats). There are also cases of possible threats, when a defender close to your work is threatened and there are reasons to believe that you might be threatened next.

A summary of kinds of threats:

-Targeting (declared threats, possible threats): threats due to your work -Threats of common criminal attacks -Indirect threats: Threats due to fighting in armed conflicts.

Vulnerabilities

Vulnerability means the degree to which people are susceptible to loss, damage, suffering and death in the event of an attack. This varies for each defender or group, and changes with time. Vulnerability is always relative, because all people and groups are vulnerable to some extent. However, everyone has their own level and type of vulnerability, depending on their circumstances. Let’s see some examples:

• Vulnerability can be about location. For example, a defender is usually more vulnerable when s/he is out on the road during a field visit than when s/he is at a well known office where any attack is likely to be witnessed.

• Vulnerabilities can include lack of access to a phone or to safe ground transportation or to proper locks in the doors of a house. But vulnerabilities are also related to the lack of networks and shared responses among defenders.

• Vulnerabilities may also have to do with team work and fear: A defender that receives a threat may feel fear, and his/her work will be affected by fear. If s/he has no a proper way to deal with fear (somebody to talk to, a good team of colleagues, etc) chances are that s/he could makes mistakes or take poor decisions that may lead him/her to more security problems.

There is a combined check-list of possible vulnerabilities and capacities at the end of this chapter.

Capacities

Capacities are the strengths and resources a group or defender can access to achieve a reasonable degree of security. Examples of capacities could be training in security or legal issues, a group working together as a team, access to a phone and safe transportation, to good networks of defenders, to a proper way of dealing with fear, etc.

In most cases,

vulnerabilities and

capacities are two sides of

the same coin.

For example:

Not knowing enough about your work environment work is a vulnerability, while having this knowledge is a capacity. The same can be said about having or not access to safe transportation or to good networks of defenders.

(There is a combined check-list of possible vulnerabilities and capacities at the end of this chapter).

The risk created by threats and vulnerabilities can be reduced if defenders have enough capacities (the more capacities, the lesser the risk).

Risk = threats x vulnerability / capacities

In summary

 

Summary:

In order to reduce risk to acceptable levels - namely, to protect - you must:

• Reduce threats;
• Reduce vulnerability factors;
• Increase protection capacities.

Risk is a dynamic concept that changes with time and with variations in the nature of threats, vulnerabilities and capacities. This means risk must be assessed periodically, especially if your working environment, threats or vulnerabilities change. For instance, Vulnerabilities can also increase if a change of leadership leaves a group of defenders in a weaker position than before. Risk increases dramatically with a clear and present threat. In such cases, it is not safe to try to reduce risk by increasing capacities, because that takes time.

Security measures, such as legal training or protective barriers, could reduce risk by reducing vulnerability factors. However, such measures do not confront the main source of risk, i.e. the threats, nor the will to carry them out, especially in situations where perpetrators know they are likely to go unpunished. All major interventions in protection should therefore aim to reduce threats, in addition to reducing vulnerability and enhancing capacity.

An example:

A small group of defenders are working on land property issues in a town. When their :work starts affecting the local landowner’s interests they receive a clear death :threat. If you apply the risk equation to their security situation, you’ll see that :the risk these defenders face is very high, above all due to the death threat. If you :want to reduce that risk it is probably not the moment to start changing the locks on :the door of their office (because the risk is not related to a break-in at the :office), nor the moment to buy a cell phone for each defender (even if communication :might be important to security it is unlikely to be enough if there is someone coming :to kill you). In this case, a more relevant strategy would be to work on networking :and generating political responses to directly confront the threat (and if that is :unlikely to be effective quickly the only way to reduce the risk significantly might :be to reduce the defenders exposure, perhaps by moving away for a while – being able :''to relocate to a safe place is also a capacity).

Vulnerabilities and capacities, as well as some threats, may vary according to gender and age. You therefore need to break down your findings accordingly.

Vulnerabilities and capacities assessment

Designing a vulnerability and capacities assessment for a given group (or person) involves defining the group itself (a community, collective, NGO, individuals, etc), the physical area where it is located and the time line (your vulnerability profile will change and evolve over time). Then you can proceed to assess vulnerabilities and capacities, using Chart 3 at the end of this chapter as a guidance.

Please note: The vulnerabilities and capacities assessment must be seen as an open-ended activity aimed at building on existing information to maintain an accurate picture of a constantly evolving situation. When assessing capacities, it is important to establish what the actual current capacities are instead of listing potential, desirable ones.

Coping and response strategies

Defenders and groups under threat use different coping strategies to deal with the risks they perceive that they face. These strategies will vary a lot depending on their environment (rural, urban), the type of threat, the social, financial and legal resources available, etc.

Most coping strategies can be implemented immediately and in response to short term objectives. They will therefore function more like tactics than as detailed response strategies. Most strategies also respond to individual people’s subjective perceptions of risk, and could at times cause the group some level of harm, especially if the strategies used cannot be reversed.

Coping strategies are closely related to the type and severity of threat and to the group’s capacities and vulnerabilities.

When thinking about security and protection you must take into account both your own and other people’s coping strategies. Reinforce the effective ones, try to limit harmful ones and try to respect the remaining ones (especially coping strategies linked to cultural or religious beliefs). Some coping strategies:

• Reinforcing protective barriers, hiding valuables.
• Avoiding behaviour which could be questioned by another actor, especially if control of the territory where you are working is under military dispute.
• Going into hiding during high risk situations, including in places that are difficult to access, like mountains or jungle, changing houses, etc. Sometimes whole families go into hiding, and sometimes just defenders. Hiding could take place at night or go on for several weeks, and might involve no outside contact.
• Looking for armed or political protection from one of the armed actors.
• Suspending activities, closing down the office, evacuating. Forced migration (internal displacement or as refugees) or going into exile.
• Relying on “good luck” or resorting to “magic” beliefs.
• Becoming more secretive, including with colleagues; going into denial by refusing to discuss threats; excessive drinking, overwork, erratic behaviour.

Defenders also have access to response strategies. These can include issuing reports to publicise a specific issue, making allegations, staging demonstrations, etc. In many cases these strategies do not amount to a long term strategy, but respond to short term needs. In some cases the response strategies might even create more security problems than those they were intended to address.

When analysing coping and response strategies, take the following into account:

• Sensitivity: Can your strategies respond quickly to individual or group security needs?
• Adaptability: Can your strategies be quickly adapted to new circumstances, once the risk of attack is over? A defender may have several options available, for example to either hide or to live at other people’s houses for a while. Such strategies may seem weak or unstable, but often have great endurance.
• Sustainability: Can your strategies endure over time, despite threats or non-lethal attacks?
• Effectiveness: Can your strategies adequately protect the people or groups in question?
• Reversibility: If your strategies don’t work or the situation changes, can your strategies be reversed or changed?

Dealing with risk after doing a risk assessment

Once your risk assessment has been done, you need to look at the results. As it is impossible to measure the “amount” of risk you are facing, you need to establish an understanding of what the level of risk is.

Different defenders and organisations may estimate different levels of risk. What is unacceptable for some defenders can be acceptable for others, and the same can be said for people within the same organisation. Rather than discussing what “must” be done or whether you are prepared for going ahead with it, people’s different thresholds of risk must be addressed: You must find a commonly acceptable threshold for all members of the group.

That said, there are different ways of dealing with risk:

• You can accept the risk as it stands, because you feel able to live with it;
• You can reduce the risk, by working on threats, vulnerabilities and capacities;
• You can share the risk, by undertaking joint actions with other defenders to make potential threats to one defender or organisation less effective;
• You can choose to avoid the risk, by changing or stopping your activities or changing approach to reduce potential threats;
• You can ignore the risk, by looking the other way. Needless to say, this is not the best option.

Bear in mind that the levels of risk are usually different for each of the organizations and individuals involved in a human rights case, and that attackers usually tend to hit in the weakest parts, so that you have to pay attention to these different levels of risk and take specific measures. For example, let’s look at a case of a peasant killed by a landowner private army. There may be several organizations and individuals involved in it, such as a group of lawyers from the close-by capital city, a local peasant union and three witnesses (peasants who live in a nearby village). It is key to assess the different levels of risk of each of these stakeholders in order to plan properly for the security of each of them.

To see more

http://www.itscolumn.com/2012/03/28-types-of-computer-security-threats-and-risks

http://technet.microsoft.com/en-us/library/cc723507.aspx

http://www.dlt.com/technology/cloud-computing/understanding-cloud-computing/cloud-security/top-security-threats-and-ris