This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: 12/19/2010 1 Unit 3 :Risk Analysis Unit 3 :Risk Analysis Part 1 Click Here To Start Audio Risk Analysis Risk Analysis c Vulnerability Analysis - Bishop Chapter 23 c DoD Threat Analysis c Microsofts Threat Analysis c Common Criteria Threat Analysis Security Policies Security Objectives Flaw Hypothesis Methodology Flaw Hypothesis Methodology c Information Gathering c Flaw Hypothesis c Flaw Testing c Flaw Generation Bishop, Chapter 23 12/19/2010 2 Vulnerability Tiger Teams Vulnerability Tiger Teams c Very Effective Tool c Should be Targeted c Penetration Studies (e.g. RISOS) would tell us to target: Integration Points Documented Dont Dos Install/Config Errors Vulnerability Testing Vulnerability Testing Demonstrates Design Problems Demonstrates Design Problems c Implementation Problems are the Source of Many Vulnerabilities c Hackers Will Find Them c Read the Examples in Bishop Chapter 23 Internet Worm of 1988 Xterm Security Flaws NT Security Flaws...
View Full Document
- Spring '11