Check out these <a href="http://searchsecurity.techtarget.com/search/1,293876,sid14,00.html?query=risk+assessment&x=0&y=0">search results</a> from SearchSecurity.com.
-----------
Conducting risk assessment could not be predicted right away. This is because virus or any other malware programs could attack anytime with a single click or press of your keyboard. The most important thing you have to consider is to make sure that you have the latest antivirus software in a full license and constantly scan your computer system for possible threats.
=============
The best factors you have to consider in your risk assessment procedure for the effective protection of your computer are the following.
-Antivirus Software
-Firewall
-Operating System Updates
-Restrictions
Last Wiki Answer Submitted: January 30, 2012 8:31 am by Markempee2,130 pts.
All Answer Wiki Contributors: Markempee2,130 pts. ,
Labnuke9932,645 pts.
If you live outside the United States, by submitting your email address you consent to having your personal data transferred to and processed in the United States.
Before you get too far, I’d ask management (assuming that they asked you to do this), what sorts of risks they are looking for. Here are some basic areas – each of those divides into many more.
1) Physical – Dust, dirt, lack of cooling, dirty electricity, safety of equipment and personnel
2) Unpatched (and therefore vulnerable) workstations and servers, Event logs checks for important problems – disk failure, time synch errors, file system integrity.
3) Poor security configurations (no controls on passwords, file sharing, wide-open firewall, etc.)
4) Poor security awareness on the part of staff – i.e. has everyone been trained on what’s good and bad?
5) State of cleanliness/infection from a virus and spyware point of view.
Also – check out the SANS reading room at http://www.sans.org. Lots of good material there too.
Try to classify the data you would like to assess. With your classification as a basis, you know which data is vital for your organisation, and needs to be well protected and which data is more or less public.
Classification in ITIL terms are confidentiality, integrity and availability. Re your local legislation, confidentiality refers to any privacy legislation local or, if applicable, European Union acts. With integrity you ensure the completeness and timelyness of your data and availability has to do with the continuity of your data.
Let me know if there is anything I can help you with.
Before you get too far, I’d ask management (assuming that they asked you to do this), what sorts of risks they are looking for. Here are some basic areas – each of those divides into many more.
1) Physical – Dust, dirt, lack of cooling, dirty electricity, safety of equipment and personnel
2) Unpatched (and therefore vulnerable) workstations and servers, Event logs checks for important problems – disk failure, time synch errors, file system integrity.
3) Poor security configurations (no controls on passwords, file sharing, wide-open firewall, etc.)
4) Poor security awareness on the part of staff – i.e. has everyone been trained on what’s good and bad?
5) State of cleanliness/infection from a virus and spyware point of view.
Also – check out the SANS reading room at http://www.sans.org. Lots of good material there too.
Bob
Try to classify the data you would like to assess. With your classification as a basis, you know which data is vital for your organisation, and needs to be well protected and which data is more or less public.
Classification in ITIL terms are confidentiality, integrity and availability. Re your local legislation, confidentiality refers to any privacy legislation local or, if applicable, European Union acts. With integrity you ensure the completeness and timelyness of your data and availability has to do with the continuity of your data.
Let me know if there is anything I can help you with.