
Disaster Prevention & Avoidance

Threat Vulnerability Assessment Tool

Threat Vulnerability Assessment Template -
Sarbanes Oxley Compliance Tool, by Janco
Associates. Excel template.
By Janco Associates


Threat, risk and vulnerability assessment is an objective evaluation of threats,
risks, and vulnerabilities in which assumptions and uncertainties are clearly
considered and presented.

Part of the difficulty of risk management is that both of the quantities with
which risk assessment is concerned, potential loss and probability of occurrence,
can be very difficult to measure. The chance of error in the measurement of these
two concepts is large. A risk with a large potential loss and a low probability of
occurring is often treated differently from one with a low potential loss and a
high likelihood of occurring. In theory, both are of nearly equal priority, but in
practice they can be very difficult to manage when faced with the scarcity of
resources, especially time, in which to conduct the risk management process.

One of the problems of computer security is deciding on how much security is
necessary for proper control of system and network assets. This gets down to the
concept of threat assessment or, more specifically, what do you have and who
would want it? While it sounds relatively simple to state, it's not that easy to
assess corporate network threat unless you approach things in a structured

Some of the drivers behind the Threat, Risk and Vulnerability Assessment Tool are
requirements like those mandated by Sarbanes Oxley, HIPAA, ISO, and PCI-DSS.

For example, Sarbanes Oxley compliance requires enterprises to conduct a risk
vulnerability and threat vulnerability assessment. The process concludes with a
security vulnerability assessment.

The Tool comes with a work plan that can be used to conduct the Threat and
Vulnerability Assessment, as well as a definition of the components of the process:

* Administrative Safeguards
* Logical Safeguards
* Physical Safeguards

A three (3) page form is included in WORD, EXCEL, and PDF formats. It should be
completed for each physical location of the enterprise, and for each business
application together with the location where the application/process is used.
Sections of the Tool include the following:

* Demographics of each physical location,
* Access to each facility at each physical location,
* Environmental factors associated with each physical location,
* IT and business process at each facility,
* A risk ranking matrix with a scoring mechanism that looks at:
  - Vulnerability, as measured by the probability of the threat occurring, versus
  - The impact of the loss
  - Rules for scoring the risk

= = = = = = = = = = = = = = = = = = = = = =
We will always ship the most current edition available. If a new edition is imminent,
we will check with you before shipping.
= = = = = = = = = = = = = = = = = = = = = =

Delivered by email or download.
Order #DR808
Rothstein Associates Inc.

4 Arapaho Rd.
Brookfield, CT 06804-3104 USA
1-888-ROTHSTEin; (888.768.4783)
Telephone: 203.740.7444; 888.768.4783
Fax: 203.740.7401
E-Mail: info@rothstein.com
