Why Risk Assessment

With industry compliance requirements and information security laws and mandates being introduced over the past four years, the need to conduct vulnerability and risk assessments is now paramount. These recent laws and mandates include the following:

  • The Health Insurance Portability and Accountability Act (HIPAA) is driving the need for vulnerability and risk assessments to be conducted within any health-care or health-care-related institution.
  • The recent Gramm-Leach-Bliley Act (GLBA) is driving the need for vulnerability and risk assessments to be conducted within any banking or financial institution in the United States.
  • The recent Federal Information Security Management Act (FISMA) is driving the need for vulnerability and risk assessments to be conducted for all United States federal government agencies.
  • The recent Sarbanes-Oxley Act affects all publicly traded companies within the United States that have a market cap greater than $75 million; they are now subject to compliance with Section 404 (management's assessment of internal controls over financial reporting), which is also driving the need for vulnerability and risk assessments to be conducted for publicly traded companies.
  • The recent Canadian Operational Security Standard: Management of Information Technology Security (MITS) requires regular security assessments for all Canadian federal government departments and agencies.

These laws and mandates are what drive the need to conduct vulnerability and risk assessments. Organizations must now be information-security conscious and must develop and implement proper security controls based on the results of their own risk assessment and vulnerability assessment. By conducting these assessments, an organization can uncover known weaknesses and vulnerabilities in its existing IT infrastructure, prioritize those vulnerabilities by the value and importance of the IT and data assets they affect, and then implement the security controls and countermeasures that mitigate them. This risk mitigation increases security and lowers the probability that a threat exploiting one of those vulnerabilities will impact the organization's production environment.


Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
Year: 2003
Pages: 138
