lab10 - Lab 10: Security Audit

Slide 1: Lab 10: Security Audit

Outlines
• Security Audit Life Cycle
• General Steps of Security Risk Assessment
• Risk Management Process
• Risk Ranking Matrix
• Risk Options
• Security Policy
• General Steps of Security Audit
• Common Activities in a Security Audit
• General Steps of a Penetration Test
• Network Scanner Nessus
• An Audit Report Example

IEG 7006 (2010) 1
Slide 2: Security Audit Life Cycle
(The slide consists of a life-cycle diagram; only its title survives in the text.)
Slide 3: Work of Optimization
(Figure: security level, from Low through Medium, High and Maximum (100%), plotted against Expense, with a Baseline Protection level marked; only the axis labels survive in the text.)
Slide 4: General Steps of Security Risk Assessment
1. Planning
2. Information Gathering
3. Risk Analysis
   i. Assets/Threat/Vulnerability
      • Assets Identification and Valuation
      • Threat Analysis
      • Vulnerability Analysis
      • Risk Analysis
   ii. Assets/Threats/Vulnerability Mapping
   iii. Impact & Likelihood Assessment
   iv. Risk Results Analysis
4. Identifying and Selecting Safeguards
5. Monitoring and Implementation
Slide 5: Risk Management Process

Risk Assessment
• Asset Identification and Valuation
• Identification of Vulnerabilities
• Review of Existing Security Controls
• Identification of Threats
• Evaluation of Impacts
• Business Risk
• Rating/ranking of Risks

Risk Control
• Identification of new Security Control
• Policy and Procedures
• Implementation and Risk Reduction
• Risk Acceptance (Residual Risk) and Divert
Slide 6: A sample of Risk Ranking Matrix

Risk Categories    IMPACT (High, Medium, Low)    LIKELIHOOD (high, medium, low)    RISK LEVEL = IMPACT X LIKELIHOOD
Confidentiality    3                             2                                 6
Integrity          3                             1                                 3
Availability       2                             1                                 2
Overall
Slide 7: A sample of Risk Ranking Matrix (definitions)
• High Impact: Most significant: major loss and damaging the organization
• Medium Impact: Significant: medium loss
• Low Impact: Least significant: low loss
• High Likelihood: Expect to occur in most circumstances
• Medium Likelihood: Should occur at some time
Slide 8: A sample of Risk Ranking Matrix (definitions, continued)
• Low Likelihood: Could occur at specific time
• High Risk Level: A low tolerance to risk exposures
• Medium Risk Level: A medium tolerance to risk exposures
• Low Risk Level: A high tolerance to risk exposures
• Overall Result: Equal to the highest security risk level
Slide 9: List of Risk Options
When: Consequences/likelihood are low; usability or other factors overweight security
Option: Accept risk
Description: To bear the liability
Slide 10: List of Risk Options (continued)
When: It is a high risk and cannot be accepted
Option: Reduce risk
Description: To reduce the consequences or the likelihood, or both
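The following is an added worked example, not code from the lecture slides: it scores the sample Risk Ranking Matrix from slides 6 to 8 (RISK LEVEL = IMPACT x LIKELIHOOD, overall result equal to the highest level) and maps the result to the two risk options shown on slides 9 and 10. The High/Medium/Low to 3/2/1 mapping and the numeric bands for the risk levels are assumptions; the slides show only the numbers.

```python
# Added example for the Risk Ranking Matrix on slides 6-8 and the risk options
# on slides 9-10. Assumed: High/Medium/Low map to 3/2/1, and the numeric bands
# used by risk_level() are an assumption (the slides state no thresholds).
SCALE = {"high": 3, "medium": 2, "low": 1}

def risk_score(impact, likelihood):
    """RISK LEVEL = IMPACT x LIKELIHOOD, as on slide 6."""
    return SCALE[impact.lower()] * SCALE[likelihood.lower()]

def risk_level(score):
    """Assumed bands (not on the slides): 1-2 Low, 3-4 Medium, 6-9 High."""
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"

def risk_option(level):
    """Slides 9-10: accept when low, reduce when high and not acceptable.
    The preview stops at slide 10, so Medium has no option here (None)."""
    return {"Low": "Accept risk", "High": "Reduce risk"}.get(level)

def rank_matrix(rows):
    """rows: {category: (impact, likelihood)} -> per-category scores and levels,
    plus an Overall row equal to the highest risk level (slide 8)."""
    results = {}
    for category, (impact, likelihood) in rows.items():
        score = risk_score(impact, likelihood)
        results[category] = {"score": score, "level": risk_level(score),
                             "option": risk_option(risk_level(score))}
    overall = max(r["score"] for r in results.values())
    results["Overall"] = {"score": overall, "level": risk_level(overall),
                          "option": risk_option(risk_level(overall))}
    return results

# Constructed to reproduce the slide-6 sample: C = 3x2 = 6, I = 3x1 = 3, A = 2x1 = 2.
SAMPLE = {"Confidentiality": ("High", "Medium"),
          "Integrity": ("High", "Low"),
          "Availability": ("Medium", "Low")}

if __name__ == "__main__":
    for category, result in rank_matrix(SAMPLE).items():
        print(f"{category:15} {result}")
```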

This note was uploaded on 05/18/2010 for the course INFORMATIO IEG7006 taught by Professor Unknown during the Spring '10 term at CUHK.
