From: James Williams (jwilliams@mail.wtamu.edu)
Date: Fri Jan 14 2005 - 12:41:35 EST
It is my understanding that a 'Risk Assessment' should cover the following
material:
Determine Assets
-- What are the 'crown jewels'?
-- Tangible Assets
-- Intangible Assets
-- Human Assets
Determine Value
-- Value of Assets
-- Value of People
-- What affects Value?
Determine Threats
-- Internal Threats
-- External Threats
-- Can be people, computers, natural disasters, etc.
Determine Vulnerabilities
-- Basically anything that is going to compromise the integrity of the
'Assets'
Determine Risk
-- Risk = Value x Threat x Vulnerability
What are acceptable risks?
What are unacceptable risks?
How much are the assets worth and how much do you want to protect them?
Anyways, I hope that helps.
James Williams
-----Original Message-----
From: Mambo [mailto:mamboz@gmail.com]
Sent: Thursday, January 13, 2005 5:04 AM
To: pen-test@securityfocus.com
Subject: Sample Risk Assessment Report
Hi All,
Any idea about any sample Risk Assessment Reports available
on the net? Was searching but got very few which are not worth
mentioning.
Cheers
Mambo
"""Security-- Someone gave birth...But i Own it..now..."""