This chapter discusses some of the basic principles and theories of security. Some of you are probably very familiar with the methodologies discussed in this chapter and if that is so, let this serve as a quick review. Others may be looking for a complete, holistic approach to understanding risk assessment. If so, this chapter will serve as a good basis. In the end, security is not one item, technology, or tool. It is an ongoing process that includes assessing risk, building good policies, implementing protections for key informational assets, training employees, and designing true defense in depth.
By the time you finish reading this chapter, you will understand these basic components and how they contribute to security. So, let's start our journey by discussing some basic security principles.
Introduction to Assessing Network Vulnerabilities
Foundations and Principles of Security
Why Risk Assessment
Scoping the Project
Understanding the Attacker
Performing the Assessment
Tools Used for Assessments and Evaluations
Preparing the Final Report
Appendix A. Security Assessment Resources
Appendix B. Security Assessment Forms
Appendix C. Security Assessment Sample Report
Appendix D. Dealing with Consultants and Outside Vendors
Appendix E. SIRT Team Report Format Template