Re: Security Grade
- From: lauren.malhoit@xxxxxxxxxxxxx
- Date: 7 Dec 2007 13:03:03 -0000
I think it's all pretty relative. Microsoft recommends doing either a qualitative risk analysis or quantitative (or both). In one case you assign the odds of the risk of a specific attack a number (1-10) and assign the severity of the risk a number (ie will it cause business to shut down or something). Then you multiply those two numbers and it gives you a risk assessment. In the other case, you take the actual money (both directly and indirectly) that might be lost and multiply that times however many times that would probably happen in a year.
It's a little more scientific than that (although not much), but you get the gist.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- Prev by Date: Cain & Able man in the middle attack
- Next by Date: Pen Test Vendor
- Previous by thread: Re: Security Grade
- Next by thread: Re: Re: Security Grade
- Index(es):
Relevant Pages
|
|
