Appendix B: Protection Strategies

Appendix B: Protection Strategies

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

Safeguards may be categorized into protection strategies. At a high level there are essentially three basic strategies: prevention, detection, and recovery. It is useful to examine safeguards in relation to their application along an incident event timeline. Table 1 illustrates nine protection strategy types that can be used to describe a safeguard.

Protection Strategy Hierarchy

Prevention          A         Avoidance
                    T         Transfer
                    RT        Reduction of Threat
                    RV        Reduction of Vulnerability

Detection           RD        Real-time Detection
                    NRD       Non-real time detection

Recovery            RI        Reduction of Impact
                    RR        Real-time Recovery
                    NRR       Non real-time Recovery

The abbreviations are used as the legend to Figure 3. When selecting safeguards, the information security professional may be able to expand the range of available safeguards by envisioning an available safeguard as each of the nine protection strategies. Generally speaking, safeguards that operate prior to the event are more effective and more expensive. Safeguards that operate after the event are less expensive and less effective. Another application of the diagram is as a graphical representation of the coverage (by safeguards) of a system vulnerability. A detailed explanation of each protection strategy follows: