Risk assessment methodology: Anatomy of the risk assessment process
This article is part of the March 2004 issue of Information Security magazine
Risk assessments provide a detailed report on the current state of your enterprise's security posture and create a road map for correcting deficiencies. They can be focused on specific aspects of your security infrastructure, such as the effectiveness of the protective measures around critical database servers, or they can be organization-wide evaluations, such as assessing the effectiveness of the overall security program. In either case, the risk assessment has two basic parts: technical and policy/procedures. Assessors often use methods such as penetration tests and vulnerability scans to measure the technical aspects of a security program. They'll measure how well your program patches vulnerable servers, maintains firewall rule sets and updates IDS signatures. They'll also show how easy or difficult it would be for a worm to infect your network or for an attacker to compromise data. On the policy side, assessors will measure your organization's compliance with its own security policy, as well as with applicable laws, regulations and industry standards. Your risk ...