Re: Security Grade

From: lauren.malhoit@tylertech.com
Date: Fri Dec 07 2007 - 08:03:03 EST

Next message: ahgaber_rehan@yahoo.com: "Pen Test Vendor"
Previous message: Abdullah.Yousief@Gmail.com: "Cain & Able man in the middle attack"
Maybe in reply to: 11ack3r: "Security Grade"
Next in thread: Eddie Block: "Re: Security Grade"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) I think it's all pretty relative. Microsoft recommends doing either a qualitative risk analysis or quantitative (or both). In one case you assign the odds of the risk of a specific attack a number (1-10) and assign the severity of the risk a number (ie will it cause business to shut down or something). Then you multiply those two numbers and it gives you a risk assessment. In the other case, you take the actual money (both directly and indirectly) that might be lost and multiply that times however many times that would probably happen in a year.

It's a little more scientific than that (although not much), but you get the gist.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Next message: ahgaber_rehan@yahoo.com: "Pen Test Vendor"
Previous message: Abdullah.Yousief@Gmail.com: "Cain & Able man in the middle attack"
Maybe in reply to: 11ack3r: "Security Grade"
Next in thread: Eddie Block: "Re: Security Grade"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:14 EDT