Clear Text Password Risk Assessment Documentation
The risks of sending clear text passwords on an enterprise network may be clear to you as a Security Officer or Security Analyst, but the security implications are not always clear to senior management or business leaders. This paper will present a risk assessment on sending clear text passwords across an enterprise network.
Fortifying My Doghouse while Thieves Steal My Computer
In the last few years we thought that fortifying our network perimeter would keep all the bad people out of our computers and the data on our networks. What we forgot to consider are changes in methods from the threats of accidents by insiders, insiders that abuse their legal access for malicious intent or those outside bad guys and gals that compromise user accounts and log on as your inside personnel.
The Value of Risk Assessment - A Case Study
This paper will examine the application of the security risk assessment process to a rather complex project from the initial phases of its design prior to security risk assessment to its production state. It will discuss how risks were assessed and identified and show how the risk assessment process changed the final outcome of the project. We will also look at the impact that risk assessment had on the project and identify lessons learned. Security risk assessment is often a tricky business. Striking just the right balance between the high price of security and business needs is not an easy task. The process is often subjective and hard to accomplish, but if implemented correctly can greatly improve the overall security posture of a company, one project at a time.
Full Lifecycle Security Assessment - A Case Study
A security assessment is the first step to security awareness. Often a company knows that they are not secure simply because they have not taken proactive steps to address it. However, they have no idea what makes them insecure. Having a qualified security consultant or firm come in to perform a complete security assessment (which is more than is addressed in this paper, with topics such as physical security, mobile security, and much more) should be done before any money is spent on hardware or software. This assessment should give you the roadmap for where and what to spend money on, and in what order.
Application of the Survivable Network Analysis Method to Secure My Office System
I will present the results of applying the Survivable Network Analysis method to my office system. A brief overview of the method will be presented followed by a detailed description of the method. The method consists of four basic steps which will be explained. I will show how to implement these steps and the results obtained in the application of this method to securing my system. The final results of the analysis will be presented which show that this method can produce a survivable Windows 98 machine, Sun machine and a disk array. I wanted to perform a risk assessment on my office environment. I also wanted to plan and implement new features to my existing configuration. The Survivable Network Analysis (SNA) method was chosen. This method was used because it is capable of doing both assessments. I also chose this method because security is an integral part of each step.
Case Study: Security Assessment at a Small Technology Corporation
Our company has developed a Trusted Space for client-server and Web-enabled applications, allowing businesses to safely access and exchange confidential information electronically through the Internet. As we continue to develop products and services on our internal networks, and our suite of Internet Trust Services helps businesses confidently and securely move key business functions online, the security and confidentiality demands must be adequate. Our in-house IT security team, relying heavily on our past experiences and knowledge, performed an independent security assessment. Even though the people on the assessment team were all internal employees, the review was able to remain independent because of the team's limited knowledge of the internal configuration; the team was made up of recently hired individuals. The assessment included the areas of its ASP, internal network infrastructure, and firewalls.
Defining a Risk Assessment Process for Federal Security Personnel
One goal of this paper is to provide general guidance on security resources for federal information system security officers within a federal agency. Another goal is to provide a basic template or outline for preparing to conduct a risk assessment as part of the agency's electronic and physical systems accreditation and certification process as required by Office of Management and Budget (OMB) Circular No. A-130, Appendix III, the Computer Act of 1987, and other federal mandates.
Facilitating the Qualitative Security Assessment: Overview of the Process of Defining and Delivering
The result of an effective security assessment is that management is in a better position to make informed decisions concerning the delivery of appropriate security controls for their business processes. It is the intent of this paper to provide an overview of how to involve the appropriate decision makers and the solution providers in the delivery of cost-effective security controls for application systems. The primary beneficiary of this overview is the individual who is charged with facilitating the security assessment process.
Implementing a Successful Security Assessment Process
The goal of a security assessment (also known as a security audit or security review) is to ensure that necessary security controls are integrated into the design and implementation of a project. A properly completed security assessment should provide documentation outlining any security gaps between a project design and approved corporate security policies.
Vulnerability Assessment Policy
In order to increase the security posture of (COMPANY) and mitigate the threat of security-related vulnerabilities, (COMPANY) will conduct periodic Vulnerability Assessments. Vulnerability Assessments will assist in the discovery of security vulnerabilities, determine the threat of these vulnerabilities, and assist in decreasing the risk of these security vulnerabilities.