Security Basics mailing list archives
Threat Classification (IT centric)
From: offset <offset () ubersecurity org>
Date: Wed, 11 Apr 2007 09:30:06 -0500
Greetings, I'm researching threat classifications as part of an overall risk management program and I need to classify threats as part of the foundation. Does anyone know of an overall threat classification map? Or a list of URLs/resources/papers that would discuss threat classification at a high level (ie. high level classification such as authentication). I envision something that would encompass all layers of IT risk (ie. items picked up via network scans, wireless, wardialing, host). The challenge is to take inputs from all types of vulnerability reports, normalize into a type of threat classification, then apply rules (risk calculations) to rollup to an enterprise risk management program. I understand for Web Applications there is the WASC (http://www.webappsec.org/projects/threat/), perhaps there are others for web applications? Do any other threat classification maps exist other than for Web Applications? Thanks in advance, -- offset - ubersecurity org
Current thread:
- Threat Classification (IT centric) offset (Apr 11)
- RE: Threat Classification (IT centric) Zhihao (Apr 16)
- <Possible follow-ups>
- RE: Threat Classification (IT centric) Luis Lopez Sanchez (Apr 17)
- RE: Threat Classification (IT centric) Luis Lopez Sanchez (Apr 17)