12/19/2010

Unit 3: Risk Analysis
Part 2

Microsoft Security Risk Management Discipline

Nine Steps as outlined in Securing Windows 2000 Server
◦ Asset Assessment and valuation
◦ Identifying security risks
◦ Analyzing and Prioritizing Security Risks
◦ Security Risk Tracking
◦ Security Remediation Development
◦ Security Remediation Testing
◦ Capturing Security Knowledge
◦ Reassessing new and changed assets and security risks
◦ Stabilizing and deploying new or changed countermeasures.

Threat Assessment

Focus on Security Services
◦ Confidentiality
◦ Integrity
◦ Availability
Recommends Policy Review

Threat Analysis

Threat Motives + Exploit Methods + Asset Vulnerabilities = Attack

Risk Planning

◦ Determine Damage
◦ Determine Vulnerabilities
◦ Minimize Vulnerabilities
◦ Implement Countermeasures

Reactive Strategy

◦ Limit the Damage
◦ Assess the Damage
◦ Determine the Cause
◦ Repair the Damage

Contingency Plan

Alternative Plan developed in case attack is successful.
◦ Who must do what, when, and where in order to keep organization running
◦ Be rehearsed
◦ Cover Restoring
◦ Cover Procedures to Move Production Servers to Another Location.
◦ Include a Post-Mortem

Consequence Risk Statements

(Securing Windows 2000 Server) ...
- Spring '11