Re: Security Grade



I think it's all pretty relative. Microsoft recommends doing either a qualitative risk analysis or quantitative (or both). In one case you assign the odds of the risk of a specific attack a number (1-10) and assign the severity of the risk a number (ie will it cause business to shut down or something). Then you multiply those two numbers and it gives you a risk assessment. In the other case, you take the actual money (both directly and indirectly) that might be lost and multiply that times however many times that would probably happen in a year.

It's a little more scientific than that (although not much), but you get the gist.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



Relevant Pages

  • RE: Block OS Detection
    ... Need to secure your web apps NOW? ... Cenzic finds more, "real" vulnerabilities fast. ... buy it or download a solution FREE today! ...
    (Pen-Test)
  • Re: Astalavista?
    ... Need to secure your web apps NOW? ... Cenzic finds more, "real" vulnerabilities fast. ... buy it or download a solution FREE today! ...
    (Pen-Test)
  • Re: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny
    ... Need to secure your web apps NOW? ... Cenzic finds more, "real" vulnerabilities fast. ... buy it or download a solution FREE today! ...
    (Pen-Test)
  • Re: Security Grade
    ... Need to secure your web apps NOW? ... Cenzic finds more, "real" vulnerabilities fast. ... buy it or download a solution FREE today! ...
    (Pen-Test)
  • Re: Gear
    ... Need to secure your web apps NOW? ... Cenzic finds more, "real" vulnerabilities fast. ... buy it or download a solution FREE today! ...
    (Pen-Test)