
	Home > Ask the Security Channel Experts > Information Security Threats and Countermeasures Questions & Answers > Threat matrix and risk analysis resources

Ask The Security Channel Expert: Questions & Answers

EMAIL THIS

Threat matrix and risk analysis resources

QUESTION:
I need to come up with a matrix of threats and countermeasures so I can start doing a risk analysis of what we can be exposed to in my customer's infrastructure environment. Do you have any ideas or tips on how I can get that info?

RELATED CONTENT

	Information Security Threats and Countermeasures
	Security for mobile broadband
	Understanding smurf attacks
	What are the network security risks of streaming video?
	Spyware removal from computers
	Malware removal without antivirus software
	Blade server security on a storage area network (SAN)
	Blade server security hardware advice
	Cross-site scripting vulnerability penetration testing
	When should automated penetration testing be supplemented with manual pen testing?
	Protecting your customer's Windows 2003 server from hackers

More resources

How can service providers help with IT risk management?

Business risk assessment and risk analysis

How to help customers maintain security vigilance after budget cuts

Managed services, outsourcing offer relief during economic downturn

Loss leaders: Security products and services to get a foot in the door

Getting to know the NERC CIP standards

The intersection of security and disaster recovery

Remote vulnerability scanning: Process, roles and responsibilities

How to perform a network security audit for customers

Creating your checklist and Summary

How to generate revenue from unified threat management

Unified threat management: Migration and management techniques

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Retired Expert - Russell Dean Vines EXPERT RESPONSE FROM: Retired Expert - Russell Dean Vines

Pose a Question

Other Security Channel Categories

Meet all Security Channel Experts

Become an Expert for this site

ANSWERED May 2007:

There are many sources available to help you compile a threat matrix. Many books are written on the subject, as well as numerous web resources, to help you create a risk analysis (RA) matrix. WBDG has a good one, and the NIST publication 800-30 (.pdf) has been around for awhile, but it's still useful.

But before you start to focus on the countermeasures part, you'll need to understand the difference between a threat and a vulnerability to create a framework that makes this differentiation. Once you've compiled those, identify the company assets that would be affected, and rate the severity if a realized threat impacts the asset. Dr. Krutz' and my latest text, The CISSP and CAP Prep Guide: Platinum Edition, explains a high level approach to RA, defines various rate-of-occurrence formulae and provides a template matrix for threat/vulnerability/asset rating.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2006 - 2010, TechTarget \| Read our Privacy Policy