Problem solve Get help with specific problems with your technologies, process and projects.

Episode IV: Risk and vulnerability assessment and threat detection

In the last episode, a policy was decreed and signed by the King. Armed with this important document, our administrators set off on the task of assessing the landscape.

In the last episode, a policy was decreed and signed by the King. Armed with this important document, our noble administrators set off on the task of assessing the landscape to prioritize their efforts.

They took inventory and classified the kingdom's assets. They identified gaps in the infrastructure, threats and potential targets of the malfeasants. The policy of the King and the edicts of the highest of high were consulted. Valuations were placed on the assets; the costs of safeguards were estimated.

It was clear: The noble administrators would need weapons, but they would also need to be trained in the art of defense. For, as sophisticated and knowledgeable as they were in their own right, this new realm required they be masters at defending terabytes as sure as the Knights of the Royal Guard were masters in defending terra firma.

It came to pass that they were trained, purchased advanced tools and were invited to the castle on the eve of the attack of the evil enumerators. The noblepersons knelt before the King and by virtue of His Majesty's imperial resound, were conferred Knights of the Order of Countermeasures.

Dame Day (they called her "D-Day") was responsible for all firewall configurations and remote-access technologies including PPP, VPN and OU812. D-Day was dedicated to stopping the dastardly defilers "right here, right now."

D-Day worked closely with Sir Sniffalot, who took the lead on intrusion detection, prevention and audit log analyses. Armed with a steady supply of Sudafed, Sir Sniffalot was always on his toes.

Sir Pokeahole was the chief penetration tester and chair of the incident-response committee. Sir Jack was to institute the user education and awareness program and Dame Domaine administered ACLs, configuration and patch management and hunted rogue wireless access points on the weekends.

Whilst acting on the personal request of the King to improve upon his daughter's memory, Dame Domaine discovered an insidious uninvited alteration of Princess Bloomie's registry. It was apparent that the nefarious ne'er-do-wells negotiated not with the slightest deference to royalty, and that they would stop at nothing.

About the author
Bill Kirkendale, CISSP, has been an IT professional for fourteen years and is a former United States Marine.

Last episode: His Majesty issues a new decree (and gets a new robe)
Next episode: To be enumerated or fumigated: That is the question

This was last published in April 2004

Dig Deeper on Risk assessments, metrics and frameworks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.