What kind of products can be used to do a security risk assessment?

Security management expert Mike Rothman unveils what kind of software is on the market to help assist a company in the risk assessment process.

This Content Component encountered an error

We are looking to conduct an information systems risk assessment as part of one of the recommendations following a Sarbanes-Oxley review. What software is available to help a medium-sized company (1,000 employees, $1 billion in sales) perform an information security risk assessment? There are a number of product categories you can use to do a risk assessment. But don't be fooled into thinking that a tool will be a panacea to keeping...

your SOX auditors happy.

First, look at vulnerability scanners that can test networks, systems and applications. These are usually three separate product categories, but since any of your systems can be compromised by any attack vector, you'll need all three in order to compile a comprehensive list of what is vulnerable.

You may also want to look at an automated penetration-testing product. There are both open source and commercial options available; these can take vulnerability scanners to the next level and help you determine not only what is vulnerable, but also what can be exploited.

Finally, consider some good old-fashioned elbow grease in your risk assessment as well, in the form of a penetration test performed by humans. This can help you understand both the physical and logical places where your networks and/or systems can be compromised. Software is still evolving and can't really evaluate all of the social engineering techniques that modern-day hackers employ.

So in a nutshell, it's a little more complicated than going down to Best Buy and buying a yellow (or green) box to fix your problems. You'll need to use a variety of tools, assemble and assimilate the results and figure out what is truly at risk. So your most effective software is going to be the OS running in your brain.

Dig deeper on Risk assessment and management in financial institutions

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close