Simple network risk assessment process

Source: Internet
Author: User

Simple network risk assessment process

Network risk assessment in general information security service refers to the following process

1. Asset collection

Collect the specific quantity of objects to be evaluated in the corresponding organization, for example, how many switches are there, ips ids, firewall server IP addresses, etc. It is best to prepare a corresponding table to facilitate subsequent work to develop a project plan.

2: asset assignment
The importance of servers or network devices is assigned as the basis for determining risks and threats for future evaluation (however, skip this process)

3: System Research
Conduct a system survey on the operating environment of servers, network devices, and network topologies

Use of the software environment, for example: for network devices such as windows 2003 asp.net sqlserver 2005 office OA system security settings, you can collect the corresponding software version and enter a questionnaire about the personnel's awareness of network security.

4: vulnerability scan
For short, there will be 3-4 software for General Scanning of missed scanning. Generally, webpage host databases are commonly used, including appscan nessus wvs nsfocus (lumon), skymirror (VENUS), and manual experience judgment.

5: Risk Assessment Report
Manual analysis issues a risk assessment report based on the vulnerability scan results and the potential threats and vulnerabilities of the existing network topology analysis.

6. Rectification comments
Rectification suggestions generally include management host reinforcement in the personnel system webpage code reinforcement database reinforcement security awareness training for personnel who need to add some security devices and so on, which are reflected in the form of documents

7: acceptance after rectification is passed
The project end stage is not nonsense. The key is interpersonal relationship and document sorting.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.