RE: Sample Risk Assessment Report
From: James Williams (jwilliams_at_mail.wtamu.edu)
Date: 01/14/05
- Previous message: Cure, Samuel J: "RE: Sample Risk Assessment Report"
- In reply to: Mambo: "Sample Risk Assessment Report"
- Next in thread: Cure, Samuel J: "RE: Sample Risk Assessment Report"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Mambo'" <mamboz@gmail.com>, <pen-test@securityfocus.com> Date: Fri, 14 Jan 2005 11:41:35 -0600
It is my understanding that a 'Risk Assessment' should cover the following
material:
Determine Assets
-- What are the 'crown jewels'?
-- Tangible Assets
-- Intangible Assets
-- Human Assets
Determine Value
-- Value of Assets
-- Value of People
-- What affects Value?
Determine Threats
-- Internal Threats
-- External Threats
-- Can be people, computers, natural disasters, etc
Determine Vulnerabilities
-- Basically anything that is going to compromise the integrity of the
'Assets'
Determine Risk
-- Risk = Value x Threat x Vulnerability
What are acceptable risks?
What are unacceptable risks?
How much are the assets worth and how much do you want to protect them?
Anyways, I hope that helps.
James Williams
-----Original Message-----
From: Mambo [mailto:mamboz@gmail.com]
Sent: Thursday, January 13, 2005 5:04 AM
To: pen-test@securityfocus.com
Subject: Sample Risk Assessment Report
Hi All,
Any idea about any sample Risk Assessment Report's available
on the net. Was searching but got very few which are not worth
mentioning.
Cheers
Mambo
"""Security-- Someone gave birth...But i Own it..now..."""
- Previous message: Cure, Samuel J: "RE: Sample Risk Assessment Report"
- In reply to: Mambo: "Sample Risk Assessment Report"
- Next in thread: Cure, Samuel J: "RE: Sample Risk Assessment Report"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
