PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
March 2004

Risk assessment methodology: Anatomy of the risk assessment process

Risk assessments provide a detailed report on the current state of your enterprise's security posture and create a road map for correcting deficiencies. They can be focused on specific aspects of your security infrastructure, such as the effectiveness of the protective measures around critical database servers; or they can be organization-wide evaluations, such as assessing the effectiveness of the overall security program. In either case, the risk assessment has two basic parts: technical and policy/procedures. Assessors often use methods such as penetration tests and vulnerability scans to measure the technical aspects of a security program. They'll measure how well your program patches vulnerable servers, maintains firewall rule sets and updates IDS signatures. They'll also show how easy or difficult it would be for a worm to infect your network or for a hacker to compromise data. Assessors will measure your organization's compliance with its own security policy, as well as laws, regulations and industry standards. Your risk ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue

  • The security improvements of Microsoft ISA Server 2004

    by  Victor R. Garza

    In an effort to bolster its security image, Microsoft is going to release its ISA Server 2004 later this year. Here you will learn about the security improvements of Microsoft ISA Server 2004.