Risk Management
- Avoidance
  - Avoiding risky activities
- Transference
  - Sharing risk with others
- Mitigation
  - Applying security controls to reduce risk
- Deterrence
  - Applying visible controls to discourage others
- Acceptance
  - Choosing not to act on risk
- Residual risk
  - Remaining risk after management strategy
Quantitative risk assessment values
- SLE – Single loss expectancy is the cost of any single loss
- ARO – Annual rate of occurrence is the expected number of times a given loss may occur per year
- ALE – Annual loss expectancy is the expected cost per year from a threat (SLE × ARO)
Threat probability
- MTTF – Mean time to failure
  - Used for non-serviceable components
- MTTR – Mean time to repair
- MTBF – Mean time between failures
  - Used for serviceable components
- MTBSI – Mean time between service incidents
Quantitative risk assessment values
Probability × Impact
Vulnerability Scanning
- Intrusive vs. non-intrusive
- Credentialed vs. non-credentialed
- Goals
  - Missing or misconfigured security controls
  - Open ports
  - Weak passwords or encryption
  - Misconfigured security controls
  - Unsecured data
  - Compromised systems
  - Exploitable vulnerabilities
  - Unpatched systems
Vulnerability Assessment (VA): Passive
Purpose of Vulnerability Assessment
- Baseline review
  - The existing intended security configuration
- Determining attack surface
  - All of the software and services installed which can be subject to attack
- Reviewing code
- Reviewing architecture
- Reviewing design