Security Basics mailing list archives

RE: Risk assessment


From: aaa () bbb com
Date: Thu, 21 May 2009 14:26:29 -0600

It would probably be a good idea if you defined what you think "risk assessment" means, just to make sure everyone is 
'on the same page'.  Would content on "Risk Management" or "vulnerability assessment" help answer your question?  The 
formal definitions of each term are separate, but in practice some of the material on each can be refocused to answer 
questions about the other topics.

Here are some links, not all quite what you're looking for, a few very specifically focused, but you might find some useful 
stuff in them:

http://www.itsecurity.com/features/it-security-audit-010407/  - Create Your Own Security Audit

***

http://www.portal.state.pa.us/portal/server.pt/community/security_awareness/494/security_assessment_framework/203339 - 
this page may have exactly what you are looking for.  Specifically the 2 links at the very bottom of the page under: 

Attached Files:
     CISOToolkit_v1.zip
     SecureMethod.doc 

****

Conducting a risk assessment for SMBs
Pierre Dorion
12.15.2008
http://searchsmbstorage.techtarget.com/tip/0,289483,sid188_gci1342620,00.html?track=NL-1079&ad=682417&asrc=EM_NLT_5481685&uid=4739563
  

****

Don't Abuse Your Risk Assessment 
http://it.toolbox.com/blogs/securitymonkey/dont-abuse-your-risk-assessment-14424
by Security Monkey (Information Security Investigator)

He has lots of interesting blog entries.  Well worth reading more of his writing.

***

http://www.netragard.com/landing-page/index.php - 3 things you must know before choosing a security assessment

***

http://www.informit.com/content/images/0321356705/samplechapter/McGraw_ch05.pdf - Architectural Risk Analysis (sample 
book chapter)

***

http://www.version2.dk/whitepapers/9/Printing+Security:+A+Guide+to+Some+Commonly+Overlooked+Vulnerabilities - Printing 
security: a guide to some commonly overlooked vulnerabilities

***

A Day in the Life of a Risk Analyst – A Short Story (based upon a true story)

by Jeff Bardin, Fri, 2009-03-27 21:37

http://blogs.csoonline.com/a_day_in_the_life_of_a_risk_analyst_a_short_story_based_upon_a_true_story?source=nlt_csoupdate
 

***

Call Centers: Risk Assessment Reminders

A few questions to help make sure your call center security plan covers the necessary bases.

By Malcolm Wheatley

http://www.csoonline.com/article/356065/Call_Centers_Risk_Assessment_Reminders 

***

Death of a risk assessor

http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1339548,00.html?track=NL-102&ad=674684&asrc=EM_NLN_5084348&uid=4739563

By Joseph Granneman

***

Gartner analysts to IT pros: Learn the language of risk
 

By Bill Brenner, Senior News Writer
05 Jun 2007 | SearchSecurity.com 
http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1294560,00.html  

***

How to Prioritize Threats (Without Spending Big Bucks)

An internally developed risk matrix helps utility company PG&E figure out which vulnerabilities to focus on first

by Robert McMillan,

April 17, 2008

http://www.csoonline.com/article/330670/How_to_Prioritize_Threats_Without_Spending_Big_Bucks_?source=nlt_csosecurityleader
 

***

Loading Docks in Multitenant Buildings

Shipping and receiving are trickiest in multitenant facilities. Here's a tool for assessing risk in such a scenario.

By Lauren Gibbons Paul

http://www.csoonline.com/article/451321/Loading_Docks_in_Multitenant_Buildings

October 05, 2008 

***

Number-driven risk metrics 'fundamentally broken'

By Michael S. Mimoso, Editor, Information Security magazine
12 Mar 2009

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1350658,00.html?track=NL-102&ad=694229&asrc=EM_NLN_6152417&uid=4739563
 

***

Sample Questions For Finding Information Security Weaknesses

Sidebar to Using Metrics to Diagnose Problems: A Case Study

By Andrew Jaquith

http://www.csoonline.com/article/221202/Sample_Questions_For_Finding_Information_Security_Weaknesses

May 18, 2007 

***

Use risk management for reasonable information asset protection
•       Date: February 19th, 2007
•       Author: Tom Olzak 
http://blogs.techrepublic.com.com/security/?p=158&tag=nl.e118

***

Expand on what specifically you are looking for: what industry are you in, and what parts of the business are you looking 
at (whole business, IT only, specific parts of IT, i.e. servers, desktops, network, etc.)?

HTH
Ron
