10-Step Security and Vulnerability Assessment Plan - Slide 3


Establish a prioritized assessment schedule.

A security assessment is conducted to determine the degree to which information system security controls are correctly implemented, whether they are operating as intended, and whether they are producing the desired level of security. A vulnerability assessment is conducted to determine the weaknesses inherent in the information systems that could be exploited, leading to an information system breach. Without security and vulnerability assessments, information systems may not be as secure as intended or desired.

A security assessment policy should apply to all information systems and information system components of a given company. Specifically, it includes:

  • Mainframes, servers and other devices that provide centralized computing capabilities.
  • SAN, NAS and other devices that provide centralized storage capabilities.
  • Desktops, laptops and other devices that provide distributed computing capabilities.
  • Routers, switches and other devices that provide network capabilities.
  • Firewalls, IDP sensors and other devices that provide dedicated security capabilities.

Security and vulnerability assessments should be performed against all information systems on a pre-determined, regularly scheduled basis. While both security and vulnerability assessments may be performed by internal staff on an ongoing basis, it is recommended that third parties be retained periodically to ensure appropriate levels of coverage and oversight.

Info-Tech Research Group has developed the following outline for conducting a thorough assessment. You can also download their Security Assessment Policy at no cost from the IT Business Edge Knowledge Network.
