Download Security Risk Management MS PPT here
Download Security Risk Management OCTAVE PPT
here
Download Security Risk Management SCADA PPT
here
Download
Security Risk Management COBRA PPT
here
Many PPT on Risk assessment can be found here and on Risk managment here
Friday, February 29, 2008
Security Risk Management PPT
Thursday, February 14, 2008
The Threats and Countermeasures Guide
Brief Description
Security Settings in Windows Server 2003 and Windows XP
The Threats and Countermeasures guide provides you with a reference to all security settings that provide countermeasures for specific threats against current versions of the Microsoft® Windows® operating systems
Download the guied here
This guide is a companion for two other publications that are available from Microsoft:
• Windows Server 2003 Security Guide, available online at
http://go.microsoft.com/fwlink/?LinkId=14845
• Windows XP Security Guide, available online at
http://go.microsoft.com/fwlink/?LinkId=14839
Additional useful info while Assessing Risk
Asset Classes
For additional information on defining and categorizing information and information systems, refer to National Institute of Standards and Technology (NIST) Special Publication 800-60 workshops, "Mapping Types of Information and Information Systems to Security Categories," and the Federal Information Processing Standards (FIPS) publication 199, "Security Categorization of Federal Information and Information Systems."
for "Common Information System Assets" http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/srappb.mspx
for "Common Threats"
http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/srappc.mspx
for examples of "Vulnerabilities"
http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/srappd.mspx
More info on Security Risk Management
"Microsoft’s approach to risk management and assessment isn’t the only one available to organizations. Some other popular approaches include:
* Risk Management Guide for Information Technology Systems and Security Self-Assessment Guide for Information Technology Systems, both developed by the National Institute for Standards and Technology (NIST)
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf
* Information technology — Code of practice for information security management (ISO 17799), available from the International Standards Organization (ISO).
http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=33441&ICS1=35&ICS2=40&ICS3=
* Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) from Computer Emergency Response Team (CERT) at the Software Engineering Institute at Carnegie-Mellon University.
http://www.cert.org/octave
These resources are also useful in helping you plan and implement an effective risk management solution for your company. But in my opinion, Microsoft’s approach is simple and easy to implement, and is a good starting point, especially for IT shops that are strong on Microsoft platforms. For although the Guide is described by Microsoft as being cross-platform and vendor-neutral in its approach, its prescriptive control solutions target Microsoft products in particular. That doesn’t surprise me however, and in no way reduces the usefulness of this excellent Guide."
Read source...
Subscribe to:
Posts (Atom)
