RE: Risk Analysis and Management software

From: leon (leon@inyc.com)
Date: 11/14/01


From: "leon" <leon@inyc.com>
To: "'Ralph Chapman'" <chapman_ralph@yahoo.com>, <security-basics@securityfocus.com>
Subject: RE: Risk Analysis and Management software
Date: Tue, 13 Nov 2001 19:02:08 -0500
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA+8DoZCJ8SEaYk5pn4rrIf8KAAAAQAAAAWLdJH0I/8UKY4Vf8QBtMXgEAAAAA@inyc.com>

Sure, run Nessus or your vuln scanner of choice and if you get get high
risk vulns (and they are not false positive) one could put the
quantitative impact at the cost of the information. I never really
understood qualitative risk analysis myself.

HTH,

Leon

-----Original Message-----
From: Ralph Chapman [mailto:chapman_ralph@yahoo.com]
Sent: Thursday, November 01, 2001 12:53 AM
To: security-basics@securityfocus.com
Subject: Risk Analysis and Management software

Does anyone have any ideas of software available to
help quantify the impact of potential threats
(quantitative and qualitative) and mitigate risk for a
company.

Thanks for the help in advance!

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com