Understanding the Attacker
By understanding who attacks, why they attack, how they attack, and what they do, the IT security professionals conducting the risk and vulnerability assessment can focus on combating threats and vulnerabilities commonly exploited by an attacker. This type of intelligence data can assist in the risk and vulnerability assessment by providing the IT security professional with knowledge about how attacks are conducted. This knowledge can be applied to defense-in-depth security controls and security countermeasures distributed throughout the IT infrastructure and seven areas of information security responsibility. Without this knowledge, the IT security professional cannot conduct the risk and vulnerability assessment from an attacker's point of view.
This chapter will present an overview of the following characteristics about attackers:
- Who are the attackers? Internal employees, contractors, third-party users, external attackers, hackers, and perpetrators.
- What do the attackers do? Bypass security controls, commit unauthorized access, and exploit software vulnerabilities. Depending on the motivational reasons for the attack, attackers do different things.
- Why do attackers do it? The goals and motivational factors explaining why attackers, hackers, and perpetrators attack an IT infrastructure and its assets will be defined.
- How do attackers do it? The tools, approaches, and methods that attackers, hackers, and perpetrators use to conduct an attack on an IT infrastructure will be described.
With knowledge in these four areas about attackers, conducting a risk and vulnerability assessment can be done with a specific strategy in mind as well as with knowledge of how attackers attack. This approach to conducting a risk and vulnerability assessment equips the IT security professional with knowledge about how to monitor, prevent, and eliminate various attacks on the IT infrastructure. This knowledge will assist the IT security professional in developing an appropriate information security strategy for its IT infrastructure that encompasses the seven areas of information security responsibility.
Introduction to Assessing Network Vulnerabilities
- Introduction to Assessing Network Vulnerabilities
- What Security Is and Isnt
- Process for Assessing Risk
- Four Ways in Which You Can Respond to Risk
- Network Vulnerability Assessment
Foundations and Principles of Security
- Foundations and Principles of Security
- Basic Security Principles
- Security Requires Information Classification
- The Policy Framework
- The Role Authentication, Authorization, and Accountability Play in a Secure Organization
- Encryption
- Security and the Employee (Social Engineering)
Why Risk Assessment
- Why Risk Assessment
- Risk Terminology
- Laws, Mandates, and Regulations
- Risk Assessment Best Practices
- Understanding the IT Security Process
- The Goals and Objectives of a Risk Assessment
Risk-Assessment Methodologies
- Risk-Assessment Methodologies
- Risk-Assessment Terminology
- Quantitative and Qualitative Risk-Assessment Approaches
- Best Practices for Quantitative and Qualitative Risk Assessment
- Choosing the Best Risk-Assessment Approach
- Common Risk-Assessment Methodologies and Templates
Scoping the Project
- Scoping the Project
- Defining the Scope of the Assessment
- Reviewing Critical Systems and Information
- Compiling the Needed Documentation
- Making Sure You Are Ready to Begin
Understanding the Attacker
- Understanding the Attacker
- Who Are the Attackers?
- What Do Attackers Do?
- Reducing the Risk of an Attack
- How to Respond to an Attack
Performing the Assessment
- Performing the Assessment
- Introducing the Assessment Process
- Level I Assessments
- Level II Assessments
- Level III Assessments
Tools Used for Assessments and Evaluations
- Tools Used for Assessments and Evaluations
- A Brief History of Security Tools
- Putting Together a Toolkit
- Determining What Tools to Use
Preparing the Final Report
- Preparing the Final Report
- Preparing for Analysis
- Ranking Your Findings
- Building the Final Report
- Contents of a Good Report
- Determining the Next Step
- Audit and Compliance
Post-Assessment Activities
- Post-Assessment Activities
- IT Security Architecture and Framework
- Roles, Responsibilities, and Accountabilities
- Security Incident Response Team (SIRT)
- Vulnerability Management
- Training IT Staff and End Users
Appendix A. Security Assessment Resources
Appendix B. Security Assessment Forms
- Information Request Form
- Document Tracking Form
- Critical Systems and Information Forms
- Level II Assessment Forms
Appendix C. Security Assessment Sample Report
- Appendix C. Security Assessment Sample Report
- Notice
- Executive Summary
- Statement of Work
- Analysis
- Recommendations
- Conclusions
Appendix D. Dealing with Consultants and Outside Vendors
- Appendix D. Dealing with Consultants and Outside Vendors
- Procurement Terminology
- Typical RFP Procurement Steps
- Procurement Best Practices
Appendix E. SIRT Team Report Format Template
EAN: 2147483647
Pages: 138
