12/19/2010

Unit 3: Risk Analysis
Part 1

Risk Analysis
- Vulnerability Analysis - Bishop Chapter 23
- DoD Threat Analysis
- Microsoft’s Threat Analysis
- Common Criteria
  - Threat Analysis
  - Security Policies
  - Security Objectives

Flaw Hypothesis Methodology
- Information Gathering
- Flaw Hypothesis
- Flaw Testing
- Flaw Generation

Bishop, Chapter 23

Vulnerability Tiger Teams
- Very Effective Tool
- Should be Targeted
- Penetration Studies (e.g. RISOS) would tell us to target:
  - Integration Points
  - Documented Don’t Do’s
  - Install/Config Errors

Vulnerability Testing Demonstrates Design Problems
- Implementation Problems are the Source of Many Vulnerabilities
- Hackers Will Find Them
- Read the Examples in Bishop Chapter 23
  - Internet Worm of 1988
  - Xterm Security Flaws
  - NT Security Flaws...
- Spring '11
- Secrecy, Classified information, Uncleared