Vulnerability Assessment
- Systematic evaluation of asset exposure to:
  - Attackers
  - Forces of nature
  - Any potentially harmful entity
- Aspects of vulnerability assessment
  - Asset identification
  - Threat evaluation
  - Vulnerability appraisal
  - Risk assessment
  - Risk mitigation
- Asset identification
  - Process of inventorying items with economic value
  - Common assets
    - People
    - Physical assets
    - Data
    - Hardware
    - Software
  - Determine each item's relative value
    - Asset's criticality to organization's goals
    - How much revenue asset generates
    - How difficult to replace asset
    - Impact of asset unavailability to the organization
  - Could rank using a number scale
- Threat evaluation
  - List potential threats
    - Natural disasters
    - Compromise of intellectual property
    - Espionage
    - Extortion
    - Hardware failure or errors
    - Human error
    - Sabotage or vandalism
    - Software attacks
    - Software failure or errors
    - Technical obsolescence
    - Theft
    - Utility interruption
  - Threat modeling
    - Goal: understand attackers and their methods
    - Often done by constructing scenarios
  - Attack tree
    - Provides visual representation of potential attack
    - Inverted tree structure