Chapter09 - Security Guide to Network Security Fundamentals Third Edition Chapter 9 Performing Vulnerability Assessments Objectives Define risk and

Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 9
Performing Vulnerability Assessments

Objectives
- Define risk and risk management
- Describe the components of risk management
- List and describe vulnerability scanning tools
- Define penetration testing

Risk Management, Assessment, and Mitigation
- One of the most important assets any organization possesses is its data
- Unfortunately, the importance of data is generally underestimated
- The first steps in data protection actually begin with understanding risks and risk management

What Is Risk?
- In information security, a risk is the likelihood that a threat agent will exploit a vulnerability
- More generally, a risk can be defined as an event or condition that could occur
  - And if it does occur, then it has a negative impact
- Risk generally denotes a potential negative impact to an asset

Definition of Risk Management
- Realistically, risk cannot ever be entirely eliminated
  - Would cost too much or take too long
- Rather, some degree of risk must always be assumed
- Risk management
  - A systematic and structured approach to managing the potential for loss that is related to a threat

Steps in Risk Management
- The first step or task in risk management is to determine the assets that need to be protected
- Asset identification
  - The process of inventorying and managing these items
- Types of assets:
  - Data
  - Hardware
  - Personnel
  - Physical assets
  - Software

Steps in Risk Management (continued)
- Along with the assets, the attributes of the assets need to be compiled
- Important to determine each item's relative value
- Factors that should be considered in determining the relative value are:
  - How critical is this asset to the goals of the organization?
  - How difficult would it be to replace it?
  - How much does it cost to protect it?
  - How much revenue does it generate?

Steps in Risk Management (continued)
- Factors that should be considered in determining the relative value are: (continued)
  - How quickly can it be replaced?
  - What is the cost to replace it?
  - What is the impact to the organization if this asset is unavailable?
  - What is the security implication if this asset is

This note was uploaded on 06/13/2010 for the course CITX CITX 1150 taught by Professor P.whalen during the Fall '09 term at British Columbia Institute of Technology.
