Unit 3-2 Risk Analysis [Compatibility Mode]


12/19/2010

Unit 3: Risk Analysis Part 2

Microsoft Security Risk Management Discipline
Nine Steps as outlined in Securing Windows 2000 Server
◦ Asset Assessment and valuation
◦ Identifying security risks
◦ Analyzing and Prioritizing Security Risks
◦ Security Risk Tracking
◦ Security Remediation Development
◦ Security Remediation Testing
◦ Capturing Security Knowledge
◦ Reassessing new and changed assets and security risks
◦ Stabilizing and deploying new or changed countermeasures.

Threat Assessment
Focus on Security Services
◦ Confidentiality
◦ Integrity
◦ Availability
Recommends Policy Review

Threat Analysis
Threat Motives + Exploit Methods + Asset Vulnerabilities = Attack

Risk Planning
Proactive Strategy
◦ Determine Damage
◦ Determine Vulnerabilities
◦ Minimize Vulnerabilities
◦ Implement Countermeasures
Reactive Strategy
◦ Limit the Damage
◦ Assess the Damage
◦ Determine the Cause
◦ Repair the Damage

Contingency Plan
Alternative Plan developed in case attack is successful.
◦ Who must do what, when, and where in order to keep organization running
◦ Be rehearsed
◦ Cover Restoring
◦ Cover Procedures to Move Production Servers to Another Location.
◦ Include a Post-Mortem

Consequence Risk Statements (Securing Windows 2000 Server) ...