Home > Ask the Security Channel Experts > Information Security Threats and Countermeasures Questions & Answers > Threat matrix and risk analysis resources
Ask The Security Channel Expert: Questions & Answers
EMAIL THIS

Threat matrix and risk analysis resources

Retired Expert - Russell Dean Vines EXPERT RESPONSE FROM: Retired Expert - Russell Dean Vines

Pose a Question
Other Security Channel Categories
Meet all Security Channel Experts
Become an Expert for this site


Security Channel Update
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 15 May 2007

I need to come up with a matrix of threats and countermeasures so I can start doing a risk analysis of what we can be exposed to in my customer's infrastructure environment. Do you have any ideas or tips on how I can get that info?


>
EXPERT RESPONSE

There are many sources available to help you compile a threat matrix. Many books are written on the subject, as well as numerous web resources, to help you create a risk analysis (RA) matrix. WBDG has a good one, and the NIST publication 800-30 (.pdf) has been around for awhile, but it's still useful.

But before you start to focus on the countermeasures part, you'll need to understand the difference between a threat and a vulnerability to create a framework that makes this differentiation. Once you've compiled those, identify the company assets that would be affected, and rate the severity if a realized threat impacts the asset. Dr. Krutz' and my latest text, The CISSP and CAP Prep Guide: Platinum Edition, explains a high level approach to RA, defines various rate-of-occurrence formulae and provides a template matrix for threat/vulnerability/asset rating.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Information Security Threats and Countermeasures
Security for mobile broadband
Understanding smurf attacks
What are the network security risks of streaming video?
Spyware removal from computers
Malware removal without antivirus software
Blade server security on a storage area network (SAN)
Blade server security hardware advice
Cross-site scripting vulnerability penetration testing
When should automated penetration testing be supplemented with manual pen testing?
Protecting your customer's Windows 2003 server from hackers

More resources
How can service providers help with IT risk management?

Security Risk Analysis and Risk Management
How to generate revenue from unified threat management
Unified threat management: Migration and management techniques
Unified threat management: An intro for solution providers
Podcast with Dr. Paul Rohmeyer on choosing a remote management platform
Have you created a map of the to-be architecture?
How will you leverage the remote management platform architecture to demonstrate controls effectiveness?
How does the remote management platform complement your existing architecture?
What is your business and what are the data risks?
How will you monitor for unknown threats with the remote management system?
How will you gather the data from the remote management platform?

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts