Preparing for Analysis

Now that you are ready to dig into the data, use the skills and abilities of your team to help formulate solutions. Get the team involved. As project manager, you will be responsible for the report and its overall look and feel. Individual team members can be given responsibility for portions of the report. Assign them to the areas that they worked in or to a task that fits with their strengths. Working as a group, they can also help you analyze the findings and develop risk-ranking scores. When meeting with the team, the project manager should set the agenda. Encourage all team members to take an active role and offer input. Remind the team to stay focused on what is best for the organization. When it is time to write the report, you should also set deadlines for each team member's individual assignments, follow-ups, or additional information that you've requested. One way to work through the bulk of the findings as a team is by using a three-tiered approach:

  1. Multimodal (Brainstorm): As you review your findings and discuss specific problems, let the group come up with possible solutions. Much of the analysis is qualitative, so it is open to discussion. During this free flow of information, don't discount any ideas or opinions. One approach is to list each possibility on a whiteboard.
  2. Bimodal (Evaluate): Now that the team has provided you with many possible solutions, go through the list and narrow it down to the few that really seem possible.
  3. Unimodal (Decide): Maybe more than one solution will work, but you'll need primary solutions and recommendations. You might consider dividing the solutions into three categories: good solutions, cheap solutions, and quick fixes. This helps the organization to maintain some flexibility when trying to budget the needed improvements.

The organization may not be able to implement all the items you recommend, so target the ones with the highest risk/highest probability. To help stay focused on what's important, keep in mind the organization's OICM and SCM. These matrixes identified what was critical for the organization's mission.

Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
EAN: 2147483647
Year: 2003
Pages: 138
