RE: Sample Risk Assessment Report

• Previous message: Cure, Samuel J: "RE: Sample Risk Assessment Report"
• In reply to: Mambo: "Sample Risk Assessment Report"
• Next in thread: Cure, Samuel J: "RE: Sample Risk Assessment Report"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Mambo'" <mamboz@gmail.com>, <pen-test@securityfocus.com>
Date: Fri, 14 Jan 2005 11:41:35 -0600

It is my understanding that a 'Risk Assessment' should cover the following
material:

Determine Assets
-- What are the 'crown jewels'?
-- Tangible Assets
-- Intangible Assets
-- Human Assets

Determine Value
-- Value of Assets
-- Value of People
-- What affects Value?

Determine Threats
-- Internal Threats
-- External Threats
-- Can be people, computers, natural disasters, etc

Determine Vulnerabilities
-- Basically anything that is going to compromise the integrity of the
'Assets'

Determine Risk
-- Risk = Value x Threat x Vulnerability

What are acceptable risks?
What are unacceptable risks?
How much are the assets worth and how much do you want to protect them?
 
Anyways, I hope that helps.

James Williams
 

-----Original Message-----
From: Mambo [mailto:mamboz@gmail.com]
Sent: Thursday, January 13, 2005 5:04 AM
To: pen-test@securityfocus.com
Subject: Sample Risk Assessment Report

Hi All,

        Any idea about any sample Risk Assessment Report's available
on the net. Was searching but got very few which are not worth
mentioning.

Cheers
Mambo

"""Security-- Someone gave birth...But i Own it..now..."""

• Previous message: Cure, Samuel J: "RE: Sample Risk Assessment Report"
• In reply to: Mambo: "Sample Risk Assessment Report"
• Next in thread: Cure, Samuel J: "RE: Sample Risk Assessment Report"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Sample Risk Assessment Report ... I am confused by your definition of assets scure. ... I agree that business risks differ from technical risks; ... I cannot discuss methodology in detail, but I can say that threat risk ... Subject: Sample Risk Assessment Report ... (Pen-Test) Re: What would the Tories have done? ... rate lending could only be funded through short term borrowings ... work well in a mortgage bank if there is only one type of asset: ... In practice banks hold assets with fixed and variable rates ... their risk adjusted assets. ... (uk.politics.misc) Re: Etrade problems ... In the wake of this very risk, ... MyMoneyBlog.com wrote an article detailing some of the ... where it goes (ie. initiate a transfer of assets ... In the worst case scenario, ... (misc.invest.stocks) Re: Risk methodologies ... You can also check the BS7799 approach to Risk Assessment. ... assets value & threats and vulnerabilities values to assess the risk ... I'm currently researching Risk methodologies (more aligned with IT ... (Security-Basics) RE: Risk Assessment Basics ... Start inventorying your software and data assets. ... Management process/procedure and a policy that states that Change ... Define roles and responsibilities for the network and security ... Subject: Risk Assessment Basics ... (Security-Basics)