By: redhatd
In general, an information security service provider's network risk assessment follows the process below:
1: Asset Collection
Collect the specific quantities of the evaluated objects in the corresponding units, such as how many switches, routers, IPSs, IDSs, firewalls, servers, IP addresses and so on. It is best to draw up a suitable table to facilitate the follow-up work and to develop a project plan.
2: Asset Assignment
Assign values to the importance of each server or network device, as the basis for determining risk and threat in the later evaluation (although some engagements skip this step).
3: System Research
Carry out system research on the servers, network equipment, network topology and operating environment: the specific operating systems, software environment and uses, such as Windows 2003, ASP.NET, SQL Server 2005 or an Office OA system; the security settings of the network equipment; and collection of the corresponding software versions. A questionnaire on the staff's network security awareness can also be included, which they need to help fill out.
4: Vulnerability Scanning
Generally 3-4 tools are used for a scan, covering web pages, hosts and databases. Commonly used ones are AppScan, Nessus, WVS, NSFocus (Green Alliance) and Venustech's Tianjing ("Day Mirror"), supplemented by manual judgement based on experience, etc.
5: Risk Assessment Report
Based on the results of the vulnerability scan and an analysis of the existing network topology, potential threats and vulnerabilities are analysed manually, and a risk assessment report is issued.
6: Rectification Opinion
Rectification recommendations generally include management of the personnel system, hardening of the web page code, database reinforcement, personnel security awareness training, the need to add some security equipment, and so on, mostly in the form of documents.
7: Acceptance after Rectification Passes
Project closure stage; no need to elaborate. The key is interpersonal relations and tidying up the documentation.
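As an added example (not from the original post), the steps above carried through in code: a constructed asset register with importance values (steps 1-2), constructed scan findings (step 4), a risk ranking of importance times severity for the report (step 5), and the subset that goes into the rectification opinion (step 6). Asset names, findings, severities and the threshold are all assumed sample values.

```python
# Constructed asset register (steps 1-2): each evaluated object gets an
# importance value on a 1-5 scale, the basis for later risk weighting.
ASSETS = {
    "srv-oa-01":  {"type": "server",   "os": "Windows 2003", "importance": 5},
    "srv-db-01":  {"type": "server",   "os": "Windows 2003", "importance": 5},
    "fw-edge-01": {"type": "firewall", "os": "n/a",          "importance": 4},
    "sw-core-01": {"type": "switch",   "os": "n/a",          "importance": 3},
}

# Constructed scan findings (step 4): (asset, description, severity 1-4),
# in the shape a scanner export would give after manual review.
FINDINGS = [
    ("srv-db-01",  "SQL Server 2005 reachable from office VLAN", 3),
    ("srv-oa-01",  "ASP.NET OA login form vulnerable to SQL injection", 4),
    ("srv-oa-01",  "Directory listing enabled on web root", 1),
    ("fw-edge-01", "Management interface still uses default credentials", 4),
    ("sw-core-01", "SNMP read community left at 'public'", 2),
]

def asset_count_table(assets):
    """Step 1: count the evaluated objects per unit type for the project plan."""
    counts = {}
    for asset in assets.values():
        counts[asset["type"]] = counts.get(asset["type"], 0) + 1
    return counts

def score_findings(assets, findings):
    """Step 5: risk = asset importance x finding severity, highest first.
    A finding on an asset not in the register is a collection gap, so fail loudly."""
    rows = []
    for name, desc, severity in findings:
        if name not in assets:
            raise KeyError(f"finding refers to unregistered asset {name!r}")
        importance = assets[name]["importance"]
        rows.append({"asset": name, "finding": desc, "severity": severity,
                     "importance": importance, "risk": importance * severity})
    return sorted(rows, key=lambda r: (-r["risk"], r["asset"]))

def rectification_list(scored, threshold=12):
    """Step 6: findings at or above the threshold go into the rectification opinion."""
    return [r for r in scored if r["risk"] >= threshold]

if __name__ == "__main__":
    print("Asset counts:", asset_count_table(ASSETS))
    ranked = score_findings(ASSETS, FINDINGS)
    for r in ranked:
        print(f"{r['risk']:>3}  {r['asset']:<11} {r['finding']}")
    print("To rectify:", len(rectification_list(ranked)), "findings")
```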