Introduction

Risk management, while outside the scope of this book, is a key foundation in the creation of a secure system. Proper risk assessment will not only identify what is being protected, the cost, and the criticality of those assets, but also identify the likelihood of the system or systems being breached. With the state of governance, compliance, and the growing requirement to notify customers of the security breach, it's more important than ever to create an auditable system based on well-defined security policies.

Not long ago, type I hypervisor systems, such as VMware ESX and Microsoft Hyper-V, were considered inferior for the task of running highly secure environments. The virtualization market has made substantial progress in the security space in a short span of time.

This chapter provides a brief overview and review of the risk and the associated components of risk pertaining to the virtualization environment. The ultimate goal is to determine the acceptable risk, which is the level of risk that a company is willing to take in order to conduct business.