Question

  Asked: Jun 26 2008   7:24 AM GMT
  Asked by: M2008


virus malware spyware


Information security governance, Risk analysis, Risk assessment, Security threats, Spyware, malware, Viruses

I want to know how to conduct a risk assessment to protect our PCs and networks.


Discuss This Answer



Bobkberg  |   Jun 26 2008  4:15PM GMT

Before you get too far, I’d ask management (assuming that they asked you to do this), what sorts of risks they are looking for. Here are some basic areas - each of those divides into many more.

1) Physical - Dust, dirt, lack of cooling, dirty electricity, safety of equipment and personnel
2) Unpatched (and therefore vulnerable) workstations and servers, event log checks for important problems - disk failure, time synch errors, file system integrity.
3) Poor security configurations (no controls on passwords, file sharing, wide-open firewall, etc.)
4) Poor security awareness on the part of staff - i.e. has everyone been trained on what’s good and bad?
5) State of cleanliness/infection from a virus and spyware point of view.

Also - check out the SANS reading room at www.sans.org. Lots of good material there too.

Bob

 

Paolaas  |   Aug 7 2008  2:47PM GMT

Try to classify the data you would like to assess. With your classification as a basis, you know which data is vital for your organisation, and needs to be well protected and which data is more or less public.

Classifications in ITIL terms are confidentiality, integrity and availability. Re your local legislation, confidentiality refers to any privacy legislation local or, if applicable, European Union acts. With integrity you ensure the completeness and timeliness of your data, and availability has to do with the continuity of your data.

Let me know if there is anything I can help you with.