The Goals and Objectives of a Risk Assessment

Key Terms

The following acronyms and terms are used in this chapter. For the purposes of this chapter, they are defined as follows:

Audit

A term that typically accompanies an accounting or auditing firm that conforms to a specific and formal methodology and definition for how an investigation is to be conducted with specific reporting elements and metrics being examined (such as a financial audit according to Public Accounting and Auditing Guidelines and Procedures).

 

Assessment

An evaluation and/or valuation of IT assets based on predefined measurement or evaluation criteria. This does not typically require an accounting or auditing firm to conduct an assessment such as a risk or vulnerability assessment.

 

Disclaimer of Warranties

A legal term that denies or disavows the user's legal claim of warranty of the product, hardware, or software.

 

Exclusion of Incidental, Consequential, and Certain Other Damages

A legal term that protects and indemnifies the organization from external incidents, consequences, or other certain damages that may arise from the use of the organization's hardware or software.

 

Hot Site

A remote and secure data center that replicates the production IT infrastructure, systems, applications, and backup data of the production environment.

 

IT

Information technology.

 

IT Asset

An information technology asset, such as hardware, software, or data.

 

IT Asset Criticality

The act of assigning a criticality factor or importance value (Critical, Major, or Minor) to an IT asset.

 

IT Asset Valuation

The act of assigning a monetary value to an IT asset.

 

IT Infrastructure

A general term to encompass all information technology assets (hardware, software, data), components, systems, applications, and resources.

 

IT Security Architecture and Framework

A document that defines the policies, standards, procedures, and guidelines for information security.

 

Law

A rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority (U.S. federal government, state government, and so on).

 

Limitation of Liability and Remedies

A legal term that limits the amount of financial liability, and the remedies, that the organization is legally willing to take on.

 

Limited Warranty

A legal term that defines but limits the written guarantee of the integrity of a product and of the maker's responsibility for the repair or replacement of defective parts.

 

Mandate

A formal order from a superior court or official to an inferior one, such as a mandate from the U.S. federal government to state government.

 

Qualitative Analysis

A weighted factor or nonmonetary evaluation and analysis that is based on a weighting or criticality factor valuation as part of the evaluation or analysis.

 

Quantitative Analysis

A numerical evaluation and analysis that is based on monetary or dollar valuation as part of the evaluation or analysis.

 

Regulation

How a law or mandate is implemented.

 

Risk

The exposure or potential for loss or damage to IT assets within that IT infrastructure.

 

Risk Assessment

A process for evaluating the exposure or potential loss or damage to the IT and data assets for an organization.

 

Risk Management

The overall responsibility and management of risk within an organization. Risk management is the responsibility and dissemination of roles, responsibilities, and accountabilities for risk in an organization.

 

Threat

Any agent, condition, or circumstance that could potentially cause harm, loss, damage, or compromise to an IT asset or data asset.

 

Vulnerability

A weakness in the IT infrastructure or IT components that may be exploited by a threat to destroy, damage, or compromise an IT asset.

 

Vulnerability Assessment

A methodical evaluation of the weaknesses in an organization's IT infrastructure components and assets, and of how those weaknesses can be mitigated through proper security controls and recommendations to remediate exposure to risks, threats, and vulnerabilities.

 

Vulnerability Management

The overall responsibility and management of vulnerabilities within an organization and how that management of vulnerabilities will be achieved through dissemination of duties throughout the IT organization.

 


Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
Year: 2003
Pages: 138
