ISSC363 Week1 Forum
This 0 page Study Guide was uploaded by kimwood Notetaker on Monday November 9, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 22 views.
Date Created: 11/09/15
What is a Security Risk Assessment?
A Risk Assessment that is performed to allow businesses and organizations to assess, identify, and modify their security posture. This enables security operations management and personnel to view the organization from a hacker's perspective. The process helps organizations gain management support for modifications to the security posture (hardware and software devices) to gain protection from outsider threats.

What elements does it entail?
Security Risk Assessments include identifying IT assets, threats, vulnerabilities, the likelihood that a vulnerability will be exploited, and the impact of the risk. Some common actions performed to accomplish these elements are penetration testing, war driving, social engineering, and reverse social engineering.
- Identify risks to manage
- Identify controls to mitigate risks
- Implement and test the controls
- Evaluate the controls used

Does it include or exclude Penetration Testing?
It does include penetration testing. Penetration testing is performed by a CPT that is on staff or an external agency that is certified.

What types of Security Risk Assessments exist? Identify at least 3.
There are many types of risk assessments that I read about in our readings. Information Security Risk Assessments, Network Security Risk Assessments, Vulnerability Risk Assessments, and Threat Assessments are just a few I can name. Here are some real-world examples of these: Information Security Risk Assessments are conducted internally using a program like eEye Retina, which scans for known unpatched security vulnerabilities and identifies the hardware and software that is vulnerable to attack, allowing Administrators to patch the devices or systems that are vulnerable. I also believe that PCI DSS is an example of an Information Security Risk Assessment (https://www.pcisecuritystandards.org/index.php). Network Security Risk Assessments are conducted by penetration testers externally, identifying vulnerabilities in network security. Vulnerability Risk Assessments are conducted both internally and externally by penetration testers and Ethical Hackers to identify the vulnerabilities that can be exploited, essentially plugging security holes in networks of all types. It is important to remember that there may be vulnerabilities in both software and hardware.
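The four-step loop the post lists (identify risks, identify controls, implement and test them, evaluate them) is usually recorded in a risk register that scores each asset/threat/vulnerability triple by likelihood and impact, then re-scores it after controls are applied. The following is an added worked example, not part of the forum post or any course material: a minimal qualitative risk register in Python. The three-level scale, the multiplicative score, the rating bands, the acceptance threshold, and the sample entries are all assumptions made for illustration.

```python
"""Qualitative risk register: inherent score, controls, residual score, evaluation.

Added example. The likelihood/impact scale, the score = likelihood * impact
rule, the rating bands and the sample data below are assumptions for
illustration, not taken from the post or from any standard.
"""
from dataclasses import dataclass, field

# Three-level qualitative scale (assumption).
LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Control:
    """A mitigating control and how many scale levels it removes."""
    name: str
    likelihood_reduction: int = 0
    impact_reduction: int = 0


@dataclass
class Risk:
    """One register entry: the asset/threat/vulnerability triple plus ratings."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: str          # "low" | "medium" | "high"
    impact: str              # "low" | "medium" | "high"
    controls: list = field(default_factory=list)

    def inherent_score(self) -> int:
        """Risk before any control: likelihood * impact on the 1..9 scale."""
        return LEVELS[self.likelihood] * LEVELS[self.impact]

    def residual_score(self) -> int:
        """Risk after applying each control; a level never drops below 1."""
        lik, imp = LEVELS[self.likelihood], LEVELS[self.impact]
        for c in self.controls:
            lik = max(1, lik - c.likelihood_reduction)
            imp = max(1, imp - c.impact_reduction)
        return lik * imp


def rating(score: int) -> str:
    """Map a 1..9 score to a label (bands are an assumption)."""
    if score >= 9:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def prioritize(register: list) -> list:
    """Step 1 of the loop: order risks by inherent score, highest first (stable)."""
    return sorted(register, key=lambda r: r.inherent_score(), reverse=True)


def unacceptable(register: list, accept_max: int = 3) -> list:
    """Step 4 of the loop: risks whose residual score still exceeds the
    acceptance threshold, i.e. where the chosen controls are not enough."""
    return [r for r in register if r.residual_score() > accept_max]


def build_sample_register() -> list:
    """Constructed sample data (assumption, not real findings)."""
    return [
        Risk("customer database server", "external attacker",
             "unpatched web application vulnerability", "high", "high",
             [Control("apply vendor patch", likelihood_reduction=2)]),
        Risk("staff laptops", "theft", "no full-disk encryption",
             "medium", "high",
             [Control("enable full-disk encryption", impact_reduction=2)]),
        Risk("guest Wi-Fi", "war driving", "open network bridged to internal LAN",
             "high", "medium",
             [Control("segment guest network from LAN", impact_reduction=1)]),
        Risk("help desk staff", "social engineering",
             "no caller verification procedure", "medium", "medium"),  # no control yet
    ]


if __name__ == "__main__":
    register = build_sample_register()
    for r in prioritize(register):
        print(f"{r.asset:28} inherent={r.inherent_score()} ({rating(r.inherent_score())})"
              f" residual={r.residual_score()} ({rating(r.residual_score())})")
    for r in unacceptable(register):
        print(f"NEEDS MORE CONTROLS: {r.asset} / {r.threat} / {r.vulnerability}")
```

Running it ranks the unpatched database server first (9, critical) and, after the controls are applied, flags only the help desk entry: it has no control at all, so its residual score (4) is unchanged and stays above the acceptance threshold. That is the "evaluate the controls used" step producing a concrete action item rather than a table of scores.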