Firewall Wizards mailing list archives
Security policy and risk analysis questions
From: "Frank Pawlak" <FPAWL () pcsentre com>
Date: Tue, 27 Apr 1999 10:57:56 -0500
I am in the process of developing a network security policy and am stuck in a few areas. So far I have completed the following: Identified the assets to be protected Defined what those assets are worth to the organization Identified the sources of attack My question concerns the risk analysis. It is my understanding that the risk analysis is used to determine the amount to spend to protect the assets. My problem is assigning a probability to any of the defined threats that an attack will occur from that threat. I realize that this is a highly subjective area. I have searched many books and articles on security policy development without getting much information in this particular area of the risk analysis. Any help or guidelines would be most appreciated. My thanks in advance for all advice. Frank
Current thread:
- Security policy and risk analysis questions Frank Pawlak (Apr 28)
- Re: Security policy and risk analysis questions Bennett Todd (Apr 28)
- RE: Security policy and risk analysis questions Matt McClung (Apr 30)
- Re: Security policy and risk analysis questions Joseph Pung (Apr 29)
- Re: Security policy and risk analysis questions Bennett Todd (Apr 28)