Risk analysis projects are relatively expensive, and were so even in the mainframe computing era, because they involved the collection and evaluation of a significant volume of data. Earlier risk studies were conducted by in house staff or consultants and the in house people did not have much experience regarding the matter and the consultants did not know much about the requirements of the organization. Presently, the familiarization task has become more complicated with the complex, multi-site networked and client server-based technology used now. A new system has developed now and here the first description is of the security entry classification and this classification involves object identifiers which will help the security officer to work. For developing this system, the risk assessors have significant knowledge of operating systems, the documentation procedures are versatile and comprehensive enough to makes the data collection task achievable and since the basic system is ready, the cost of updates for risk assessment is minimal. At the same time, the system is fully documented and this documentation can be updated regularly, and the new system will reduce the costs and efforts for exercises in risk assessment.

The Risk Data Repository is a risk analysis model, which was developed some years ago, and the objective was to integrate all available organizational data concerning security. The model can evolve over time as it incorporates newly acquired data. The RDR describes entities in term of their roles from a security viewpoint, and demonstrates the inter-relationships of security data. The RDR essentially has three domains: Environment, Platforms and Assets. The environment domain includes elements that effectively host or support the operation of the information processing system: equipment, building, and staff. The proposed usage of this model is for assessing risk and designing the security system. The information security environment has had radical changes over the last ten years. Organizations are now dependent on the effective operation of their information systems, and these systems also have...

The original prototype was developed in Visual Basic for testing out the methods and a model based on Java is now being developed in City University of Hong Kong.
The concept of developing new software for security depends primarily on the ways the system is going to be used. When common popular operating systems are used on a computer, the chances of it crashing are more. When there are a lot of contacts of the system through the Internet, the chances of the system getting infected are more. In spite of $2.2 billion being spent on security in a year, there have been viruses like SoBigF which had invaded 73% of e-mails sent. Thus there are no ways to make a system proof against all threats but like buying a new car every year, one has to keep up with the Joneses and make developments to computer systems.

References

Greenemeier, Larry. Behind The Numbers: Linux Gets High Marks for Security. 11 July, 2005.

Retrieved at http://www.informationweek.com/story/showArticle.jhtml;jsessionid=VFUJTNBW0C3TYQSNDBCCKHSCJUMEKJVN?articleID=165700960Accessed 9 October, 2005

Koerner, Brendan I. In Computer Security, a Bigger Reason to Squirm. The New York Times.

September 7, 2003. Retrieved at http://www.newamerica.net/index.cfm?pg=article&DocID=1348Accessed 9 October, 2005

Reasons for IT security. Retrieved at http://netsecurity.rutgers.edu/everyone/why.phpnAccessed 9 October, 2005

Larry, Greenemeier. Behind The Numbers: Linux Gets High Marks for Security. 11 July, 2005.

Retrieved at http://www.informationweek.com/story/showArticle.jhtml;jsessionid=VFUJTNBW0C3TYQSNDBCCKHSCJUMEKJVN?articleID=165700960Accessed 9 October, 2005

Reasons for IT security. Retrieved at http://netsecurity.rutgers.edu/everyone/why.phpnAccessed 9 October, 2005

Brendan I. Koerner. In Computer Security, a Bigger Reason to Squirm. The New York Times.

September 7, 2003. Retrieved at http://www.newamerica.net/index.cfm?pg=article&DocID=1348Accessed 9 October, 2005