[Dshield] Risk Assessment

Roland Green rgreen at plannedbuy.com
Thu Oct 14 19:34:10 GMT 2004

For some reason there are those out there who actually want you to know 
some truths.  Therefore read the following white papers below and you too 
will be able to speak at great length regarding your topic of interest.

Network- and Host-Based Vulnerability Assessments:  An Introduction to a 
Cost Effective and Easy to Use Strategy.

An Introduction to Information Risk Assessment

Quantitative Risk Analysis Step-By-Step

An Overview of Threat and Risk Assessment

System identification for vulnerability assessment

Strategies for Improving Vulnerability Assessment Effectiveness in Large 

Bill Matthews wrote:

>Hello all,
>Has anyone on the list been asked to help with a formal risk
>assessment for the network?
>I'd like to ask for some general feedback about network risks.  A real
>risk assessment will be specific to your network, but for the sake of
>this discussion we could keep them generic.
>For example:
>Without an enforced patch management process the network design can be
>susceptible to vulnerabilities from hackers, worms, and viruses.
>The current vulnerabilities inherent in Windows provide access to the
>network through attacks resulting in the ability to alter, destroy, or
>disclose data.
>Without a process to provide information on security incidents to
>guide the network development and upgrade plan, the network design can
>be susceptible to vulnerabilities.
>Without regular external penetration testing, the network may be
>susceptible to external attacks by hackers.
>Any other thoughts?
