[Dshield] Risk Assessment
rgreen at plannedbuy.com
Thu Oct 14 19:34:10 GMT 2004
For some reason there are those out there who actually want you to know
some truths. Therefor read the following white papers below and you too
will be able to speak at great length regarding your topic of interest.
Network- and Host-Based Vulnerability Assessments: An Introduction to a
Cost Effective and Easy to Use Strategy.
An Introduction to Information Risk Assessment
Quantitative Risk Analysis Step-By-Step
An Overview of Threat and Risk Assessment
System identification for vulnerability assessment
Strategies for Improving Vulnerability Assessment Effectiveness in Large
Bill Matthews wrote:
>Has anyone on the list been asked to help with a formal risk
>assessment for the network?
>I'd like to ask for some general feedback about network risks. A real
>risk assessment will be specific to your network, but for the sake of
>this discussion we could keep them generic.
>Without an enforced patch management process the network design can be
>susceptible to vulnerabilities from hackers, worms, and viruses.
>The current vulnerabilities inherent in Windows provides access to the
>network through attacks resulting in the ability to alter, destroy, or
>Without a process to provide information on security incidents to
>guide the network development and upgrade plan, the network design can
>be susceptible to vulnerabilities .
>Without regular external penetration testing, the network may be
>susceptible to external attacks by hackers.
>Any other thoughts?
>DShield and the Internet Storm Center are sponsored by the SANS Institute.
>To learn more about current SANS training, see http://www.sans.org .
>send all posts to list at lists.dshield.org
>To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list