A Perspective on Threats in the Risk Analysis Process

by Arthur Nichols
Sept. 1, 2017 0 comments SANS Institute Pen Testing & Audits auditing & assessment

Companies are opening their intranet to customers, partners, and suppliers and as companies move their business functions from their local area networks (LANs) to the public and global Internet, the possibility of network intrusion and data theft can grow at a rapid pace. Knowing where and how these intrusions take place can be a daunting task. However, determining key assets and securing these assets from unauthorized intrusion is critical to the operation of any organization. If these assets are left unaccounted for and unprotected, this could affect the mission of the company or organization. As Dr. David Brewer points out in his paper, Easy ways to manage your risk, “The traditional approach to risk management - scope the problem, determine your information security policy, perform the risk assessment and manage the risks - survives in today's technologically advanced world with carefully crafted scoping and security policy statements and the addition of a new feedback loo...

https://www.sans.org/reading-room/whitepapers/auditing/perspective-threats-risk-analysis-process-63