[Dshield] Risk Assessment

Bill Matthews bill.matthews at gmail.com
Thu Oct 14 14:46:20 GMT 2004


Hello all,

Has anyone on the list been asked to help with a formal risk
assessment for the network?

I'd like to ask for some general feedback about network risks.  A real
risk assessment will be specific to your network, but for the sake of
this discussion we could keep them generic.

For example:

Without an enforced patch management process the network design can be
susceptible to vulnerabilities from hackers, worms, and viruses.

The current vulnerabilities inherent in Windows provide access to the
network through attacks resulting in the ability to alter, destroy, or
disclose data.

Without a process to provide information on security incidents to
guide the network development and upgrade plan, the network design can
be susceptible to vulnerabilities.

Without regular external penetration testing, the network may be
susceptible to external attacks by hackers.

Any other thoughts?
BM


