Chapter 8
Summary
This book has been designed to assist the security professional in understanding
what must be done to conduct a network vulnerability assessment (NVA).
Because no organization has unlimited resources to devote to security, we
attempted to divide the tasks into manageable portions. Because budgets are
always strained, we attempted to show the security and audit professional
where to get the tools that would be effective and as cheap as possible.
Most failed projects come to grief because the scope of the project was
poorly defined to begin with, or because the scope was not managed well.
We attempted to discuss Project Overview Statements and the Project Scope
Document for a Network Vulnerability Analysis. We looked at the processes
needed to gather the information for the Project Overview Document. We also
presented how to manage scope change.
To be successful, the NVA team will have to identify what network security
concerns have the highest priority. This will allow the team to focus on those
threats and risks that can cause the enterprise the most damage. Understanding
that the security concerns include personnel and physical as well as
technical issues will ensure the most comprehensive assessment possible.
Establishing a team that represents the enterprise will also add to the
credibility of the assessment results. Using enterprise personnel will ensure
that those individuals with the most intimate knowledge of how the network
works and how it is supposed to work will have input into the report. Our
goal in assessing needs was to ensure that the assembled team had the greatest
chance for success. Some of our best and most knowledgeable network users
come from business units.
Managing Network Vulnerability Assessment
Use all the resources available to plot out what threats will be addressed.
Do your research to gather significant issues and then prioritize these risks
based on probability of occurrence and impact to the enterprise or network.
Concentrate on those issues that will bring the biggest impact to your
organization. Use your team to identify additional items and measure their specific
impact.
Developing a checklist will assist the NVA team in ensuring that basic
security controls are examined. Do not just use the checklist. Listen and ask
questions and be ready to include additional information in the examination
process.
A network vulnerability assessment can take a considerable amount of time
to complete. Divide the total mission into manageable chunks and then begin
the process. Complete one phase before moving on to the next. Be sure to
get support from the infrastructure groups; this will make the task easier.
Remember that it is not your NVA, it is the NVA of the organization.