Home Services Support Partners Solutions Company Contact Us Members
   
 

» Services
  › Consulting
  › System Management
  › Security
  › Training
  › Software & Web Solutions

» Support
  › Site Support
  › Request Info

» Partners
  › Become a Partner
  › Partner Listing
  › Affiliations  

» Company
  › Customer Success Stories
  › Internet Usage Statistics
  › White Papers & Reviews

 
 

  Quick Links
› Software & Web Solutions
› Security
› Enterprise Solutions
› Training

 

 

 

 


Search Engine Optimization and Free Submission

 

A key success factor for the establishment of a secure infrastructure involves developing an effective security risk management process.

Security is a balance between maintaining the ease of use of resources in your organization and controlling access to those resources. Putting together a security program that restricts both users and attacks can be time consuming and costly. A security program that pushes the balance too far toward control may disgruntle users with policies that limit them from effectively doing their work.

● Security requirements for assets. Define all the components of your organization's infrastructure that require any level of protection, including systems, networks, applications, and business data. Asset valuation needs to be assessed both in a quantitative and qualitative fashion to properly plan for countermeasures or safeguards.

● Threat analysis. Create a list of known exploits and determine the likelihood of a potential threat arising from each one. An exploit is a means that may be utilized by a threat to make use of a vulnerability in your environment. A compiled list of the top threat agents in your environment is required to perform a proper threat analysis. A threat is any potential danger to information or the systems in your environment. A threat agent is the person or process attacking the network through a vulnerable port on the firewall, or a process used to access data in a way that violates your security policy.

● Exposures identification. Analyze the percentage of asset loss caused by each identified threat. Identifying and defining the potential value loss of each exposure is a crucial component in security risk analysis.

● Vulnerability assessment. Develop a comprehensive list of all known vulnerabilities that can be used against those assets that require some level of protection. A vulnerability is any weakness in an information system or its components (for example, system security procedures, hardware design, software design, and internal controls) that could be exploited.

● Countermeasure development. Develop an appropriate security risk countermeasure that makes good business sense, meaning that it is cost-effective for guarding the assets in your organization.

● Penetration testing. Use penetration testing to help identify ways that an unauthorized individual could gain access to the organization. Common penetration testing methods include:

● External resource scanning to identify potential targets to compromise.

● War pinging to identify unsecured IP addresses. War pinging is a tool used by a hacker to find a range of IP numbers and find out what numbers are in use or what numbers answer within the set time. These results can be saved as .csv files and imported into databases.

● Social engineering to locate individuals who may be tricked into revealing their passwords or some form of security information that would accidentally provide classified information.

● Building penetration to determine whether physical access to the facility can be easily obtained.

 
CONTACT US
COPYRIGHT © 2004 Carolina Information Technology Consulting, Inc.
ALL RIGHTS RESERVED