Security Basics mailing list archives
RE: Risk assesment
From: aaa () bbb com
Date: Thu, 21 May 2009 14:26:29 -0600
It would probably be a good idea if you defined what you think "risk assessment" means, just to make sure everyone is 'on the same page'. Would content on "Risk Management" or "vulnerability assessment" help answer your question? The formal definitions of each term are separate, but in practice some of the material on each can be refocused to answer questions about the other topics.

Here are some links, all not quite what you're looking for, a few very specifically focused, but you might find some useful stuff in them:

http://www.itsecurity.com/features/it-security-audit-010407/
- Create Your Own Security Audit

***

http://www.portal.state.pa.us/portal/server.pt/community/security_awareness/494/security_assessment_framework/203339
- this page may have exactly what you are looking for. Specifically the 2 links at the very bottom of the page under Attached Files:
CISOToolkit_v1.zip
SecureMethod.doc

***

Conducting a risk assessment for SMBs
Pierre Dorion, 12.15.2008
http://searchsmbstorage.techtarget.com/tip/0,289483,sid188_gci1342620,00.html?track=NL-1079&ad=682417&asrc=EM_NLT_5481685&uid=4739563

***

Don't Abuse Your Risk Assessment
http://it.toolbox.com/blogs/securitymonkey/dont-abuse-your-risk-assessment-14424
by Security Monkey (Information Security Investigator)
He has lots of interesting blog entries. Well worth reading more of his writing.

***

http://www.netragard.com/landing-page/index.php
- 3 things you must know before choosing a security assessment

***

http://www.informit.com/content/images/0321356705/samplechapter/McGraw_ch05.pdf
- Architectural Risk Analysis (sample book chapter)

***

http://www.version2.dk/whitepapers/9/Printing+Security:+A+Guide+to+Some+Commonly+Overlooked+Vulnerabilities
- Printing security: a guide to some commonly overlooked vulnerabilities

***

A Day in the Life of a Risk Analyst
A Short Story (based upon a true story)
by Jeff Bardin, Fri, 2009-03-27 21:37
http://blogs.csoonline.com/a_day_in_the_life_of_a_risk_analyst_a_short_story_based_upon_a_true_story?source=nlt_csoupdate

***

Call Centers: Risk Assessment Reminders
A few questions to help make sure your call center security plan covers the necessary bases.
By Malcolm Wheatley
http://www.csoonline.com/article/356065/Call_Centers_Risk_Assessment_Reminders

***

Death of a risk assessor
http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1339548,00.html?track=NL-102&ad=674684&asrc=EM_NLN_5084348&uid=4739563
By Joseph Granneman

***

Gartner analysts to IT pros: Learn the language of risk
By Bill Brenner, Senior News Writer
05 Jun 2007 | SearchSecurity.com
http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1294560,00.html

***

How to Prioritize Threats (Without Spending Big Bucks)
An internally developed risk matrix helps utility company PG&E figure out which vulnerabilities to focus on first
by Robert McMillan, April 17, 2008
http://www.csoonline.com/article/330670/How_to_Prioritize_Threats_Without_Spending_Big_Bucks_?source=nlt_csosecurityleader

***

Loading Docks in Multitenant Buildings
Shipping and receiving are trickiest in multitenant facilities. Here's a tool for assessing risk in such a scenario.
By Lauren Gibbons Paul, October 05, 2008
http://www.csoonline.com/article/451321/Loading_Docks_in_Multitenant_Buildings

***

Number-driven risk metrics 'fundamentally broken'
By Michael S. Mimoso, Editor, Information Security magazine
12 Mar 2009
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1350658,00.html?track=NL-102&ad=694229&asrc=EM_NLN_6152417&uid=4739563

***

Sample Questions For Finding Information Security Weaknesses
Sidebar to Using Metrics to Diagnose Problems: A Case Study
By Andrew Jaquith, May 18, 2007
http://www.csoonline.com/article/221202/Sample_Questions_For_Finding_Information_Security_Weaknesses

***

Use risk management for reasonable information asset protection
Date: February 19th, 2007
Author: Tom Olzak
http://blogs.techrepublic.com.com/security/?p=158&tag=nl.e118

***

Expand on what specifically you are looking for, what industry you are in, and what parts of the business you are looking at (whole business, IT only, specific parts of IT, i.e. servers, desktops, network, etc.).

HTH
Ron