Author Archive for Rashedus Sattar

Prioritizing Vulnerabilities for Remediation

Information security is about reducing risk. Therefore, risk management activities must be conducted to identify potential problems and prepare for them. Different security management tools exist to help us determine the risk of these systems. These tools can take data from various security tools such as Nessus and Snort, perform some form of analysis (trend analysis, risk calculations, etc.) and generate reports. However, to take full advantage of these tools, they must be configured with the criticality values of the various systems.

Unfortunately, there does not seem to be any foolproof method for calculating asset values.

My presentation provides a possible guideline to measure relative asset values. This will aid in prioritizing remediation.
