
10-Step Security and Vulnerability Assessment Plan


    Create an assessment implementation plan.


A security assessment is conducted to determine the degree to which information system security controls are correctly implemented, whether they are operating as intended, and whether they are producing the desired level of security. A vulnerability assessment is conducted to determine the weaknesses inherent in the information systems that could be exploited, leading to an information system breach. Without security and vulnerability assessments, information systems may not be as secure as intended or desired.

A security assessment policy should apply to all information systems and information system components of a given company. Specifically, it includes:

  • Mainframes, servers and other devices that provide centralized computing capabilities.
  • SAN, NAS and other devices that provide centralized storage capabilities.
  • Desktops, laptops and other devices that provide distributed computing capabilities.
  • Routers, switches and other devices that provide network capabilities.
  • Firewalls, IDP sensors and other devices that provide dedicated security capabilities.

Security and vulnerability assessments should be performed against all information systems on a predetermined, regularly scheduled basis. While both security and vulnerability assessments may be performed by internal staff on an ongoing basis, it is recommended that third parties be retained periodically to ensure appropriate levels of coverage and oversight.

Info-Tech Research Group has developed the following outline for conducting a thorough assessment.  You can also download their Security Assessment Policy at no cost from the IT Business Edge Knowledge Network.
