Risk Assessment - Key to managing Information and IT Security

Threat Vulnerability Assessment

Threat, risk and vulnerability assessment is an objective evaluation of threats, risks, and vulnerabilities in which assumptions and uncertainties are clearly considered and presented. Part of the difficulty of risk management is that both of the quantities with which risk assessment is concerned, potential loss and probability of occurrence, can be very difficult to measure. The chance of error in measuring these two quantities is large. A risk with a large potential loss and a low probability of occurring is often treated differently from one with a low potential loss and a high likelihood of occurring. In theory, both have nearly equal priority for being dealt with first, but in practice this can be very difficult to manage when faced with a scarcity of resources, especially time, in which to conduct the risk management process.

One of the problems of computer security is deciding on how much security is necessary for proper control of system and network assets. This gets down to the concept of threat assessment or, more specifically, what do you have and who would want it? While it sounds relatively simple to state, it's not that easy to assess corporate network threat unless you approach things in a structured manner.

The Threat Vulnerability Assessment Tool

The Threat Vulnerability Assessment Tool is one component of a series of HandiGuide® Tools that have been created by Janco for use by enterprises of all sizes. Some of the drivers behind the Threat, Risk and Vulnerability Assessment Tool are requirements like those mandated by Sarbanes Oxley, HIPAA, ISO, and PCI-DSS.

For example, Sarbanes Oxley compliance requires enterprises to conduct a risk vulnerability and threat vulnerability assessment. The process concludes with a security vulnerability assessment. Below is a sample of a risk assessment created with the Threat Vulnerability Assessment Tool.

Sample Risk Assessment

The Tool comes with a work plan that can be used to conduct the Threat and Vulnerability Assessment as well as a definition of the components of the process including:

  • Administrative Safeguards
  • Logical Safeguards
  • Physical Safeguards

A three (3) page form is included in WORD, EXCEL, and PDF formats. It should be completed for each physical location of the enterprise, and for each business application together with the location where that application/process is used. Sections of the Tool include the following:

  • Demographics of each physical location,
  • Access to each facility at each physical location,
  • Environmental factors associated with each physical location,
  • IT and business process at each facility,
  • A risk ranking matrix with a scoring mechanism that looks at:
    • Vulnerability, as measured by the probability of the threat occurring, versus
    • The impact of the loss
    • Rules for scoring the risk.

 
