This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: 12/19/2010 1 Unit 3 :Risk Analysis Unit 3 :Risk Analysis Part 1 Click Here To Start Audio Risk Analysis Risk Analysis c Vulnerability Analysis - Bishop Chapter 23 c DoD Threat Analysis c Microsoft’s Threat Analysis c Common Criteria ◦ Threat Analysis ◦ Security Policies ◦ Security Objectives Flaw Hypothesis Methodology Flaw Hypothesis Methodology c Information Gathering c Flaw Hypothesis c Flaw Testing c Flaw Generation Bishop, Chapter 23 12/19/2010 2 Vulnerability Tiger Teams Vulnerability Tiger Teams c Very Effective Tool c Should be Targeted c Penetration Studies (e.g. RISOS) would tell us to target: ◦ Integration Points ◦ Documented Don’t Do’s ◦ Install/Config Errors Vulnerability Testing Vulnerability Testing Demonstrates Design Problems Demonstrates Design Problems c Implementation Problems are the Source of Many Vulnerabilities c Hackers Will Find Them c Read the Examples in Bishop Chapter 23 ◦ Internet Worm of 1988 ◦ Xterm Security Flaws ◦ NT Security Flaws...
View Full Document
This note was uploaded on 02/20/2011 for the course TECH 7375 taught by Professor June during the Spring '11 term at University of Arkansas for Medical Sciences.
- Spring '11