Security Basics mailing list archives
RE: Risk Assessment
From: Murad Talukdar <talukdar_m () subway com>
Date: Mon, 22 May 2006 15:21:04 +1000
This might help as a start. http://www.iatrp.com/iam.cfm Maybe check out Gartner as well for reports/whitepapers on the threats and any kind of metrics research has turned up. Regards Murad Talukdar -----Original Message----- From: timpacalypse () yahoo com [mailto:timpacalypse () yahoo com] Sent: Friday, May 19, 2006 12:33 AM To: security-basics () securityfocus com Subject: Risk Assessment This is quickly becoming one of my favorite sites ever. Anyway, I posted a message in the Focus on Microsoft List about securing FE/BE Communications in Exchange. I was presented with many options. And with all of those options was a common theme. Risk assessment. I know that people make entire careers out of risk assessment. But I was wondering if anyone could point me to a source that gives a general outline how to quantitatively calculate risk so that something can be presented to management in the form of numbers. It'll be nice to come to someone with something more concrete than..."well, it could happen." Oh yeah, I don't have an IDS or anything so it's not like I can go to them and say this is how many times we get scanned, etc.
Current thread:
- Risk Assessment timpacalypse (May 20)
- RE: Risk Assessment Murad Talukdar (May 23)
- RE: Risk Assessment David Gillett (May 23)