Question

In: Computer Science

Discuss the processes involved with security assessments. What types of analysis are performed with this assessment?


Solutions

Expert Solution

Processes involved in security assessments:

  1. Identification. Determine all critical assets of the technology infrastructure. Next, diagnose sensitive data that is created, stored, or transmitted by these assets. Create a risk profile for each.
  2. Assessment. Administer an approach to assess the identified security risks for critical assets. After careful evaluation and assessment, determine how to effectively and efficiently allocate time and resources towards risk mitigation. The assessment approach or methodology must analyze the correlation between assets, threats, vulnerabilities, and mitigating controls.
  3. Mitigation. Define a mitigation approach and enforce security controls for each risk.
  4. Prevention. Implement tools and processes to minimize threats and vulnerabilities from occurring in your firm’s resources.

The different security assessment types are:

  1. Vulnerability Assessment: A significant security assessment type, vulnerability assessment involves identifying, quantifying, prioritizing, and classifying vulnerabilities and threats in a system or its environment, while offering information to rectify them.
  2. Penetration Assessment: A penetration test, or pen test as it is commonly known, is a process of intentionally, yet safely, attacking the system and exploiting its vulnerabilities to identify its weaknesses as well as its strengths. A pen test helps validate the effectiveness of the various security measures implemented in the system, as well as its adherence to security policies.
  3. Red Team Assessment: Though quite similar to a penetration assessment, a red team assessment is more targeted than the former. It identifies the vulnerabilities in the system as well as gaps across an organization’s infrastructure and defense mechanisms. In short, the objective of this assessment is to test an organization’s detection and response capabilities.
  4. Security Audit: A security audit is an extensive and thorough overview of an organization’s security systems and processes. It offers in-depth reviews of a system’s physical attributes, identifies gaps in the security policies, and conducts major vulnerability assessments. This is an extremely important type of assessment, as it validates conformance with standard security policies.
  5. White/Grey/Black-Box Assessment: Though grouped together, these assessments cater to different attributes of the system as well as the organization’s infrastructure. They indicate the quantitative and qualitative extent of the internal information shared with the tester. In a white-box assessment the tester has full knowledge of the internal workings of the application or system, whereas in a grey-box assessment only limited information is shared with the tester. In a black-box assessment the internal information of the system and its environment is not required; moreover, this is performed from the perspective of the hacker.
  6. Risk Assessment: During this type of security assessment, potential risks and hazards are objectively evaluated by the team, wherein uncertainties and concerns are presented to be considered by the management. Additionally, it brings the current level of risks present in the system to the one that is acceptable to the organization, through quantitative and qualitative models.
  7. Threat Assessment: Threat assessment is the process of identifying, assessing, and managing potential threats, and determining their credibility as well as seriousness. It measures the probability of detected threats becoming a real risk. In short, this assessment type is quite different from others as it is more focused on physical attacks rather than making assumptions.
  8. Threat Modelling: Threat modelling is a process of apprehending and reporting vulnerabilities, risks and threats, by evaluating risks from the perspective of the hacker. It helps identify, enumerate and prioritize issues and risks, while assessing their impact on the system’s functioning.
  9. Bug Bounty: Bug bounty is the most effective way of finding security vulnerabilities in the system. It comprises various professional testers, who test the system for any security breaches and issues through thorough assessment.
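The four-step process above (identification, assessment, mitigation, prevention) and the quantitative and qualitative models mentioned under Risk Assessment can be made concrete with a small risk register. The following Python is an added example and is not part of the expert's answer; the assets, threats, exposure factors, occurrence rates, controls and costs are all constructed for illustration, and the function names are my own. It uses the standard single loss expectancy (SLE = asset value x exposure factor) and annualised loss expectancy (ALE = SLE x ARO) formulas, a likelihood/impact matrix for the qualitative view, and a return-on-security-investment check so that a control that costs more than the loss it prevents is not funded.

```python
"""Added example: a minimal risk register walking the four assessment steps.
All data below is constructed for illustration, not taken from any real system."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # replacement / business value, currency units
    sensitivity: str        # "public" | "internal" | "confidential"


@dataclass(frozen=True)
class Threat:
    id: str
    asset: str              # Asset.name the threat acts on
    description: str
    vulnerability: str      # the weakness that makes the threat realisable
    exposure_factor: float  # fraction of the asset value lost per incident (0..1)
    aro: float              # annualised rate of occurrence, incidents per year


@dataclass(frozen=True)
class Control:
    name: str
    mitigates: str          # Threat.id this control addresses
    aro_reduction: float    # fraction of the ARO the control removes (0..1)
    annual_cost: float


# Step 1, Identification: inventory of critical assets and the threats/vulnerabilities
# that apply to each (constructed sample data).
ASSETS = {a.name: a for a in (
    Asset("customer-db", 500_000.0, "confidential"),
    Asset("marketing-site", 50_000.0, "public"),
)}
THREATS = [
    Threat("T1", "customer-db", "SQL injection in order lookup", "unparameterised query", 0.4, 0.5),
    Threat("T2", "customer-db", "credential theft via phishing", "password-only logins", 0.2, 2.0),
    Threat("T3", "marketing-site", "defacement", "unpatched CMS", 0.1, 1.0),
]
CONTROLS = [
    Control("parameterised queries + WAF", "T1", 0.9, 20_000.0),
    Control("phishing-resistant MFA", "T2", 0.8, 30_000.0),
    Control("CMS patch cadence", "T3", 0.7, 4_000.0),
]


# Step 2, Assessment (quantitative): SLE = value * EF; ALE = SLE * ARO, where the
# ARO is scaled down by every control that mitigates the threat.
def single_loss_expectancy(asset: Asset, threat: Threat) -> float:
    return asset.value * threat.exposure_factor


def annualised_loss_expectancy(asset: Asset, threat: Threat, controls=()) -> float:
    aro = threat.aro
    for c in controls:
        if c.mitigates == threat.id:
            aro *= 1.0 - c.aro_reduction
    return single_loss_expectancy(asset, threat) * aro


def total_ale(controls=(), assets=ASSETS, threats=THREATS) -> float:
    return sum(annualised_loss_expectancy(assets[t.asset], t, controls) for t in threats)


# Step 2, Assessment (qualitative): bucket likelihood and impact, then look up a rating.
def _likelihood(aro: float) -> str:
    return "low" if aro < 0.1 else "medium" if aro < 1.0 else "high"


_IMPACT = {"public": "low", "internal": "medium", "confidential": "high"}
_MATRIX = {  # (likelihood, impact) -> rating
    ("low", "low"): "low", ("low", "medium"): "low", ("low", "high"): "medium",
    ("medium", "low"): "low", ("medium", "medium"): "medium", ("medium", "high"): "high",
    ("high", "low"): "medium", ("high", "medium"): "high", ("high", "high"): "critical",
}


def qualitative_rating(asset: Asset, threat: Threat) -> str:
    return _MATRIX[(_likelihood(threat.aro), _IMPACT[asset.sensitivity])]


# Step 3, Mitigation: fund controls in order of return on security investment,
# ROSI = (ALE reduction - cost) / cost, skipping anything with ROSI <= 0.
def return_on_security_investment(control: Control, assets=ASSETS, threats=THREATS) -> float:
    threat = next(t for t in threats if t.id == control.mitigates)
    asset = assets[threat.asset]
    before = annualised_loss_expectancy(asset, threat)
    after = annualised_loss_expectancy(asset, threat, [control])
    return (before - after - control.annual_cost) / control.annual_cost


def select_controls(controls, budget: float, assets=ASSETS, threats=THREATS):
    ranked = sorted(controls, key=lambda c: return_on_security_investment(c, assets, threats), reverse=True)
    chosen, remaining = [], budget
    for c in ranked:
        if return_on_security_investment(c, assets, threats) <= 0 or c.annual_cost > remaining:
            continue  # costs more than it saves, or does not fit the budget
        chosen.append(c)
        remaining -= c.annual_cost
    return chosen


if __name__ == "__main__":
    for t in THREATS:
        a = ASSETS[t.asset]
        print(f"{t.id} {t.description:<32} ALE={annualised_loss_expectancy(a, t):>10,.0f} "
              f"rating={qualitative_rating(a, t)}")
    chosen = select_controls(CONTROLS, budget=55_000.0)
    # Step 4, Prevention: the residual ALE is what remains to be monitored and re-assessed.
    print("funded:", [c.name for c in chosen])
    print(f"ALE before={total_ale():,.0f} after={total_ale(chosen):,.0f}")
```

With the constructed figures, phishing-resistant MFA and the SQL-injection fix are funded and the CMS patch cadence is not, because its expected loss reduction (3,500 per year) is below its 4,000 cost; the residual ALE after mitigation is what the prevention step then tracks and re-assesses.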
