Because security resources will always be limited in some manner, it is important to determine what resources are present that may need securing. Then you need to determine the level of threat exposure that each resource creates and plan your network defenses accordingly. Previously, we discussed how to protect resources and assets; now we'll look at how to identify the risks that affect them. In this section, we cover the following methods of identifying risks: asset identification, risk and threat assessment, and vulnerabilities.

Asset Identification

Before you can determine which resources are most in need of protection, it is important to properly document all available resources. For the purpose of our discussion, the term resource can refer to a physical item (such as a server or piece of networking equipment), a logical object (such as a Web site or financial report), or even a business procedure (such as a distribution strategy or marketing scheme). Sales demographics, trade secrets, customer data, and even payroll information could be considered sensitive resources within an organization.

Risk Assessment

After assets have been identified, you need to determine which of these assets are more important than the others and which assets pose significant security risks. During the process of risk assessment, it is necessary to review many areas, such as the following:

Threat Assessment

During a risk assessment, it is important to identify potential threats and document standard response policies for each. Threats may include the following:

Vulnerabilities

After you have identified all sensitive assets and performed a detailed risk assessment, it is necessary to review potential vulnerabilities and take actions to harden each based on its relative worth and level of exposure. Evaluations should include an assessment of the relative risk to an organization's operations, the ease of defense or recovery, and the relative popularity and complexity of the potential form of attack. Many automated vulnerability-scanning tools are available for various platforms. These may be used to perform regular assessments of your network; however, because of the constant discovery of new vulnerabilities, it is also very important to include a review of newly discovered vulnerabilities as part of your standard operating procedures.

When you're performing an analysis of potential vulnerabilities, several possible steps may be taken: