Facilitating the Qualitative Security Assessment: Overview of the Process of Defining and Delivering
The Security Assessment represents a process that is used to help ensure that the appropriate security measures are identified and applied to meet management's expectations for a secure and trusted computing environment. There are two aspects of this process that contribute to its success. The first is the need to provide management with a clear understanding of the security issues and the related threats that impact the processes they are responsible for. The second aspect involves the identification and delivery of solution options and their associated costs, offered by appropriate, qualified solution providers. The result of an effective security assessment is that management is in a better position to make informed decisions concerning the delivery of appropriate security controls for their business processes. It is the intent of this paper to provide an overview of how to involve the appropriate decision makers and the solution providers in the delivery of cost-effective security controls for application systems. The primary beneficiary of this overview is the individual who is charged with facilitating the security assessment process.
431 (PDF, 1.71MB)
3 Apr 2003Related Content
Metrics-Driven Information Security Framework as Part of Information Security Management
Research PaperThis paper presents a model of creating an actual accurate metrics-based security reporting model that is tied closely to the security management model used at the company.
- 22 Mar 2022
Denial of Service Deterrence
Research PaperDenial of Service has been a very useful practice for attackers and continues to remain prevalent...
- 1 Apr 2015
Practical El Jefe
Research PaperEl Jefe is open source process monitoring software for Windows. With this tool, incident handlers...
- 31 Mar 2015
Using Influence Strategies to Improve Security Awareness Programs
Research PaperEven companies with extensive, well-funded security awareness programs fall victim to attacks...
- 25 Oct 2013
Talking Out Both Sides of Your Mouth: Streamlining Communication via Metaphor
Research PaperAs Security is a relatively new field, we are still learning how to communicate what we know with...
- 4 Oct 2013
Information Risks and Risk Management
Research PaperThis brief will cover the various exposures that companies now face as they increasingly rely on...
- 1 May 2013
Surfing the Web Anonymously - The Good and Evil of the Anonymizer
Research PaperCompanies of all sizes spend large amounts of time, resources, and money to ensure that their...
- 8 Oct 2012
Robots.txt
Research PaperAlthough this GIAC gold paper is not about search engine optimization, or SEO, this paper will...
- 31 May 2012
A Process for Continuous Improvement Using Log Analysis
Research PaperGood security is a moving target. Walls and castles were once good defenses against attackers, but...
- 26 Oct 2011
Measuring Psychological Variables of Control In Information Security
Research PaperThe effects of an individual's personal feelings of control over aspects of their health have been...
- 12 Jan 2011
Which Disney(c) Princess are YOU?
Research PaperSocial engineering for identity theft has always been around. But now, with the advent of social...
- 18 Mar 2010
Prelude as a Hybrid IDS Framework
Research PaperOrganizations both Large and Small are constantly looking to improve their posture on security....
- 24 Mar 2009
The Importance of Security Awareness Training
Research PaperOne of the best ways to make sure company employees will not make costly errors in regard to...
- 14 Jan 2009
Vendor-Supplied Backdoor Passwords - A Continuing Vulnerability
Research PaperVendor-Supplied Backdoor Passwords - A Continuing Vulnerability
- 26 Sep 2008
Making Security Awareness Efforts Work for You
Research PaperMaking Security Awareness Efforts Work for You
- 20 May 2008
The Controlled Event Framework for Information Asset Security
Research PaperThe Controlled Event Framework for Information Asset Security
- 20 Feb 2008
Data Leakage - Threats and Mitigation
Research PaperData Leakage - Threats and Mitigation
- 24 Oct 2007
Identity Theft
Research PaperThe act of identity theft can be performed by anyone, it could be family, friends or spouses. The...
- 2 Jul 2007
Social Engineering Your Employees to Information Security
Research PaperThis paper will examine the role and value of Information Security Awareness efforts in the...
- 19 Dec 2006
Building a Security Policy Framework for a Large, Multi-national Company
Research PaperInformation Security is not just technology. It is a process, a policy, and a culture. Our...
- 5 May 2005