Security Basics mailing list archives

RE: Risk Assessment


From: Murad Talukdar <talukdar_m () subway com>
Date: Mon, 22 May 2006 15:21:04 +1000

This might help as a start.
http://www.iatrp.com/iam.cfm
Maybe check out Gartner as well for reports/whitepapers on the threats and
any kind of metrics research has turned up.

Regards
Murad Talukdar

-----Original Message-----
From: timpacalypse () yahoo com [mailto:timpacalypse () yahoo com] 
Sent: Friday, May 19, 2006 12:33 AM
To: security-basics () securityfocus com
Subject: Risk Assessment

This is quickly becoming one of my favorite sites ever.  

Anyway, I posted a message in the Focus on Microsoft List about securing
FE/BE Communications in Exchange.  I was presented with many options.  And
with all of those options was a common theme.  Risk assessment.  

I know that people make entire careers out of risk assessment.  But I was
wondering if anyone could point me to a source that gives a general outline of
how to quantitatively calculate risk so that something can be presented to
management in the form of numbers.  It'll be nice to come to someone with
something more concrete than..."well, it could happen."  

Oh yeah, I don't have an IDS or anything so it's not like I can go to them
and say this is how many times we get scanned, etc.  



