RealSecurity

There are several books, articles, and models providing guidance for assessing information security risk. Nevertheless, regardless of the amount of information one consumes, determining risk remains more art than science. One must consider the threats, vulnerabilities, potential of occurrence, and impact to draw conclusions of risk appetite. For me, one of these elements represents an area few delve deeply into, and that is threats.

In 1996 I found a tiny package floating around the Internet called VMware. I booted up my Linux laptop and proceeded to install this little animal. Within minutes I started the application and booted my first virtual PC. Compelled to investigate further, I decided to load Windows 95, completely convinced that it would fail miserably - Win95 on Linux, are you kidding me? To my surprise, I was browsing the web using IE, in Windows 95 from a virtual PC running on Linux in just a few hours. Little did I know at the time, virtualization would make the huge rebirth that it has today.