[Dshield] Risk Assessment

Roland Green rgreen at plannedbuy.com
Thu Oct 14 19:34:10 GMT 2004


For some reason there are those out there who actually want you to know 
some truths.  Therefore read the following white papers below and you too
will be able to speak at great length regarding your topic of interest.

Network- and Host-Based Vulnerability Assessments:  An Introduction to a 
Cost Effective and Easy to Use Strategy.
http://www.sans.org/rr/papers/index.php?id=1200

An Introduction to Information Risk Assessment
http://www.sans.org/rr/papers/index.php?id=1204

Quantitative Risk Analysis Step-By-Step
http://www.sans.org/rr/papers/index.php?id=849

An Overview of Threat and Risk Assessment
http://www.sans.org/rr/papers/index.php?id=76

System identification for vulnerability assessment
http://www.sans.org/rr/papers/index.php?id=65

Strategies for Improving Vulnerability Assessment Effectiveness in Large 
Organizations
http://www.sans.org/rr/papers/index.php?id=1072

Bill Matthews wrote:

>Hello all,
>
>Has anyone on the list been asked to help with a formal risk
>assessment for the network?
>
>I'd like to ask for some general feedback about network risks.  A real
>risk assessment will be specific to your network, but for the sake of
>this discussion we could keep them generic.
>
>For example:
>
>Without an enforced patch management process the network design can be
>susceptible to vulnerabilities from hackers, worms, and viruses.
>
>The current vulnerabilities inherent in Windows provide access to the
>network through attacks resulting in the ability to alter, destroy, or
>disclose data.
>
>Without a process to provide information on security incidents to
>guide the network development and upgrade plan, the network design can
>be susceptible to vulnerabilities.
>
>Without regular external penetration testing, the network may be
>susceptible to external attacks by hackers.
>
>Any other thoughts?
>BM