
Risk Assessment - Key to Managing Information and IT Security


Threat, risk and vulnerability assessment is an objective evaluation of threats, risks, and vulnerabilities in which assumptions and uncertainties are clearly considered and presented. Part of the difficulty of risk management is that both of the quantities with which risk assessment is concerned, potential loss and probability of occurrence, can be very difficult to measure, and the chance of error in measuring them is large. A risk with a large potential loss and a low probability of occurring is often treated differently from one with a low potential loss and a high likelihood of occurring. In theory, both have nearly equal priority when deciding which to deal with first, but in practice they can be very difficult to manage when resources are scarce, especially the time in which to conduct the risk management process.

One of the problems of computer security is deciding how much security is necessary for proper control of system and network assets. This comes down to the concept of threat assessment or, more specifically, what do you have and who would want it? While that sounds relatively simple to state, it is not easy to assess the threat to a corporate network unless you approach things in a structured manner.

The Threat Vulnerability Assessment Tool

The Threat Vulnerability Assessment Tool is one component of a series of HandiGuide® Tools that have been created by Janco for use by enterprises of all sizes. Some of the drivers behind the Threat, Risk and Vulnerability Assessment Tool are requirements like those mandated by Sarbanes Oxley, HIPAA, ISO, and PCI-DSS.

For example, Sarbanes Oxley compliance requires enterprises to conduct a risk vulnerability and threat vulnerability assessment. The process concludes with a security vulnerability assessment. Below is a sample of a risk assessment created with the Threat Vulnerability Assessment Tool.

Sample Risk Assessment


The Tool comes with a work plan that can be used to conduct the Threat and Vulnerability Assessment as well as a definition of the components of the process including:

  • Administrative Safeguards
  • Logical Safeguards
  • Physical Safeguards

A three (3) page form is included in WORD, EXCEL, and PDF formats. It should be completed for each physical location of the enterprise and for each functional operation and location. Sections of the Tool include the following:

  • Demographics of each physical location,
  • Access to each facility at each physical location,
  • Environmental factors associated with each physical location,
  • IT and business process at each,
  • A risk ranking matrix with a scoring mechanism that looks at:
    • Vulnerability, as measured by the probability of the threat occurring, versus
    • The impact of the loss
    • Rules for scoring the risk.
 
Web Security Threats

Threat | Impact | % Vulnerable
Bogus site user scripting | Impersonate trusted site or user to gain access to your sensitive data | 80%
SQL injection | Access all the data in your database and compromise your data | 62%
Parameter alteration | Navigate your database and retrieve or modify its contents | 60%
Cookie theft or poisoning | Steal one of your customers' identities | 37%

© 2010 - Copyright - Janco Associates, Inc. - ALL RIGHTS RESERVED