Penetration Testing mailing list archives
Re: Sample Risk Assessment Report
From: <infosecgod () gmail com>
Date: 14 Jan 2005 00:51:58 -0000
In-Reply-To: <9E97F0997FB84D42B221B9FB203EFA276E9563 () dc1ms2 msad brookshires net>
If you use some Google hacking you can find security scan reports. =3D) Not exactly what you want..but Nessus http://www.computec.ch/dokumente/windows/sicherheit_von_windows/2-scanni ng/nessus-report.html http://mrcorp.infosecwriters.com/os_scan/xpscan/default/default.html http://www.rit.edu/~wjh3710/pub/old.html http://www.kefk.net/Admin/Nessus/kefk_net/
It is important to understand the difference between a vulnerability scanner report - which these are - and what has been requested - a risk assessment report. This is one of the main reasons why security has gotten a bad name for itself in the corporate world - IT/security managers do not want to see another list of things they need to do (fix). A risk assessment takes the information delivered by the scanners and other testing techniques and provides understanding of the scanning results within the context of business risks. This means that using Nessus/ISS/eEYE results do NOT equal risk assessment. These tools are important parts of the risk assessment process but do not represent risk assessment. Risk assessments assign values to IT assets and use these values to understand risk within a business context. A better area to look would be at the risk methodologies themselves such as http://www.security-risk-analysis.com/ http://www.cert.org/octave/ http://www.riskworld.net/ are good places to start J/
Current thread:
- Sample Risk Assessment Report Mambo (Jan 13)
- RE: Sample Risk Assessment Report Tyler Markowsky (Jan 14)
- RE: Sample Risk Assessment Report James Williams (Jan 14)
- <Possible follow-ups>
- RE: Sample Risk Assessment Report Todd Towles (Jan 13)
- Re: Sample Risk Assessment Report infosecgod (Jan 14)
- RE: Sample Risk Assessment Report Cure, Samuel J (Jan 14)
- RE: Sample Risk Assessment Report Tyler Markowsky (Jan 14)
- RE: Sample Risk Assessment Report Cure, Samuel J (Jan 14)