
| Subject: | Re: Risk Assessment/Management |
|---|---|
| Date: | Mon, 31 Oct 2005 18:19:52 -0000 |
OK, I have two tools that might help you, but they may be too expensive:
Skybox
ISS VMS (I think it's called that; it is brand new), try www.iss.net
-----Original Message-----
From: Mark Brunner <mark_brunner@hotmail.com>
To: security-basics@securityfocus.com <security-basics@securityfocus.com>
Sent: Sat Oct 29 22:02:10 2005
Subject: Risk Assessment/Management
I am looking for a tool, template or clear example of how to perform a Risk
Assessment, and then manage the mitigation or acceptance of risk. I've read
a lot of the available information regarding the theory, methodologies and
strategy, but am having a real hard time taking the concepts and applying
them to real world items. I've boiled my risk assessment effort to 5 key
questions to start with for ease of creating some kind of matrix
(spreadsheet for now).
For instance, I try to use the following:
1. What are the resources - Information & Information Systems - I'm actually
interested in protecting?
Easy enough to figure out which are the critical items once an inventory is
made and relationships are established.
2. What is the value of those resources, monetary or otherwise?
Easy enough to get the replacement costs of hardware, software, config
time, etc. but how do you valuate the data? Based on time and effort to
recreate?
3. What are all the possible threats that those resources face?
Where can I get a compendium of risks to apply to each item for Yes/No
response?
4. What is the likelihood of those threats being realized?
Am I supposed to GUESS at this? How to quantify?
5. What would be the impact of those threats on my business or personal
life, if they were realized?
Easy enough to figure out, based on criticality and function.
I would appreciate any assistance offered. I'm floundering...
Thanks,
Mark