Penetration Testing mailing list archives
RE: Sample Risk Assessment Report
From: "James Williams" <jwilliams () mail wtamu edu>
Date: Fri, 14 Jan 2005 11:41:35 -0600
It is my understanding that a 'Risk Assessment' should cover the following material: Determine Assets -- What are the 'crown jewels'? -- Tangible Assets -- Intangible Assets -- Human Assets Determine Value -- Value of Assets -- Value of People -- What affects Value? Determine Threats -- Internal Threats -- External Threats -- Can be people, computers, natural disasters, etc Determine Vulnerabilities -- Basically anything that is going to compromise the integrity of the 'Assets' Determine Risk -- Risk = Value x Threat x Vulnerability What are acceptable risks? What are unacceptable risks? How much are the assets worth and how much do you want to protect them? Anyways, I hope that helps. James Williams -----Original Message----- From: Mambo [mailto:mamboz () gmail com] Sent: Thursday, January 13, 2005 5:04 AM To: pen-test () securityfocus com Subject: Sample Risk Assessment Report Hi All, Any idea about any sample Risk Assessment Report's available on the net. Was searching but got very few which are not worth mentioning. Cheers Mambo """Security-- Someone gave birth...But i Own it..now..."""
Current thread:
- Sample Risk Assessment Report Mambo (Jan 13)
- RE: Sample Risk Assessment Report Tyler Markowsky (Jan 14)
- RE: Sample Risk Assessment Report James Williams (Jan 14)
- <Possible follow-ups>
- RE: Sample Risk Assessment Report Todd Towles (Jan 13)
- Re: Sample Risk Assessment Report infosecgod (Jan 14)
- RE: Sample Risk Assessment Report Cure, Samuel J (Jan 14)
- RE: Sample Risk Assessment Report Tyler Markowsky (Jan 14)
- RE: Sample Risk Assessment Report Cure, Samuel J (Jan 14)