The following acronyms and terms are used in this chapter. For the explanation and definition purpose of this chapter, these acronyms and terms are defined as follows:
Audit
An independent examination of records, actions, and activities to assess the adequacy of security controls and to ensure compliance with established policies and operational procedures.
Business continuity planning
A system or methodology to create a plan for how an organization will resume partially or completely interrupted critical functions within a predetermined time after a disaster or disruption occurs. The goal is to keep critical functions operational.
Clipping level
The point at which an alarm threshold or trigger occurs.
Configuration management
The process of controlling and documenting any changes made to networks, systems, or software.
Contingency planning
The process of preparing to deal with calamities and noncalamitous situations before they occur so that the effects are minimized.
Control Objectives for Information and Related Technology (COBIT)
A third-generation document that has 34 high-level objectives that cover 318 control objectives categorized in four domains. Its purpose is to provide organizations with a set of generally accepted information technology control objectives to help them fully benefit from their IT infrastructure and develop good IT governance and control procedures.
Data owner
The individual responsible for the policy and practice decisions of data.
Data custodian
The individual responsible for implementing controls on behalf of the data owner.
Ethical hack
A term used to describe a type of hack that is done to help a company or individual identify potential threats on the organizations IT infrastructure/or network. Ethical hackers must obey rules of engagement, do no harm, and stay within legal boundaries.
Guidelines
Points to a statement in a policy or procedure by which to determine a course of action.
Nonattribution
The act of not providing a reference to a source of information.
NIST 800-42
The purpose of this document is to provide guidance on network security testing. It deals mainly with techniques and tools used to secure systems connected to the Internet.
Policies
High-level or the top tier of formalized security documents.
Procedure
A detailed, in-depth, step-by-step document that lays out exactly what is to be done and how it is to be accomplished.
RFC-2196
The purpose of RFC 2196 is to provide practical guidance to organizations trying to secure their information and related services.
Spyware
A general term for a program that surreptitiously monitors your actions. These programs can sometime be acquired by simply browsing the Web.
Trojan
A program that does something undocumented that the programmer or designer intended, but that the end user would not approve of if they knew about it.
Virus
A computer program with the capability to generate copies of itself and thereby spread. Viruses usually require the interaction of an individual and can have rather benign results, such as flash a message to the screen, or it can have malicious results that destroy data, systems, integrity, or availability.
Worms
A self-replicating program that spreads by inserting copies of itself into other executable code, programs, or documents. Worms typically flood a network with traffic and result in a denial of service.
Introduction to Assessing Network Vulnerabilities
Foundations and Principles of Security
Why Risk Assessment
Risk-Assessment Methodologies
Scoping the Project
Understanding the Attacker
Performing the Assessment
Tools Used for Assessments and Evaluations
Preparing the Final Report
Post-Assessment Activities
Appendix A. Security Assessment Resources
Appendix B. Security Assessment Forms
Appendix C. Security Assessment Sample Report
Appendix D. Dealing with Consultants and Outside Vendors
Appendix E. SIRT Team Report Format Template