登录查看更多内容

How do you monitor and update network security risk assessment over time?

由人工智能和领英社区提供技术支持

Network security risk assessment is a process of identifying, analyzing, and evaluating the potential threats and vulnerabilities that could affect your network and its assets. It helps you prioritize and mitigate the risks, comply with regulations, and improve your network performance and resilience. In this article, you will learn how to conduct a network security risk assessment in six steps, and how to monitor and update it over time.

此文章中的业界达人

由社区从 6 条内容中精选。了解更多

1 Step 1: Define the scope and objectives

Before you start assessing the risks, you need to define the scope and objectives of your network security risk assessment. The scope determines the boundaries and limitations of your assessment, such as the network segments, devices, applications, data, and users that you will include or exclude. The objectives define the purpose and expected outcomes of your assessment, such as the compliance requirements, security standards, or business goals that you want to achieve or align with.

添加您的观点

2 Step 2: Identify the assets and threats

The next step is to identify the assets and threats that are relevant to your network security risk assessment. Assets are the valuable resources that you want to protect, such as hardware, software, data, or services. Threats are the potential sources of harm or damage to your assets, such as hackers, malware, natural disasters, or human errors. You can use various methods and tools to inventory your assets and threats, such as network scanning, asset management, threat intelligence, or interviews.

添加您的观点

3 Step 3: Analyze the vulnerabilities and impacts

After identifying the assets and threats, you need to analyze the vulnerabilities and impacts that could result from a successful attack or incident. Vulnerabilities are the weaknesses or gaps in your network security that could be exploited by threats, such as outdated software, misconfigured settings, or lack of encryption. Impacts are the negative consequences or losses that could affect your network or business, such as downtime, data breach, or reputation damage. You can use various methods and tools to assess your vulnerabilities and impacts, such as vulnerability scanning, penetration testing, impact analysis, or risk matrices.

添加您的观点

Jayson Telford

[CEH, CySA+, Sec+, CSAP] Security Researcher, HTB Ranked: Hacker
举报内容
Another large contributor to network and asset vulnerabilities are baseline configuration issues. These include, but are not limited to: weak passwords, unencrypted protocols, unnecessary ports open, and account management issues. For U.S. government employees these are often addressed by security technical implementation guides or STIGs. Many of the attacks in recent years have been directly caused by poor management of baseline configurations such as these.

已翻译

赞
Chika Nwachukwu, MBA, CISSP, CISM, CISA

Senior Manager, Cybersecurity, Privacy and Digital Risk at PwC
举报内容
It's also important to state that you must ensure your vulnerability scanning tools plugins are updated. There are tools today, especially AI-leveraged ones that give you the guarantee of not recording false-positivity in your scans. You can also manually carry out a PoV to ensure scan results' accuracy and assess the impact and risk matrices.

已翻译

赞

4 Step 4: Evaluate and prioritize the risks

The next step is to evaluate and prioritize the risks that you have identified and analyzed. Risks are the combination of the likelihood and severity of a threat exploiting a vulnerability and causing an impact to your network or business. You can use various methods and tools to calculate and rank your risks, such as risk scoring, risk mapping, risk heat maps, or risk dashboards. The goal is to focus on the most critical and urgent risks that require your attention and action.

添加您的观点

Jayson Telford

[CEH, CySA+, Sec+, CSAP] Security Researcher, HTB Ranked: Hacker
举报内容
Prioritizing risks requires holistic knowledge of the environment. Think of this as a triage in the same way doctors must do with patients. Is this patient at risk of dying right now? Is this vulnerability at risk of being exploited right now? These would take precedence over a patient -or vulnerability- that has a very low likelihood of being exploited. This can become far more complicated as more vulnerabilities are discovered, but many metrics exist to help managers and executives make these decisions. These metrics include: CVSS (common vulnerability scoring system), EPSS (exploit prediction scoring system), and SSVC (stakeholder-specific vulnerability categorization) among others.

已翻译

赞

5 Step 5: Implement and document the controls

After prioritizing the risks, you need to implement and document the controls that will help you reduce, transfer, avoid, or accept the risks. Controls are the measures or actions that you take to improve your network security and mitigate the risks, such as patching, encryption, backup, firewall, or training. You can use various methods and tools to select and document your controls, such as control frameworks, best practices, policies, or procedures. The goal is to align your controls with your objectives and standards, and to document them for evidence and accountability.

添加您的观点

Jayson Telford

[CEH, CySA+, Sec+, CSAP] Security Researcher, HTB Ranked: Hacker
举报内容
In my experience many organization’s problems stem from lack of documentation. This can be due to lack of knowledge transfer or even willful withholding. This can tend to cause single points of failure within an organization. Instead, with proper documentation, an organization is far more resilient to individual’s sick days, vacation time, or leaving the organization. This also allows for a baseline of knowledge in the operational realm. Lessons learned should be learned one time rather than every time the same event occurs.

已翻译

赞
Charles B.
举报内容
To add on to what Jayson shared about documentation, sometimes there is a lack of clarity on what and how to document controls, threats, risks, etc. if it doesn’t exist as part of your assessment process already take the time to explore how you will document these critical parts of your assessment including granularity and audience.

已翻译

赞

6 Step 6: Monitor and update the assessment

The last step is to monitor and update your network security risk assessment over time. Network security is not a one-time event, but a continuous process that requires regular review and revision. You need to monitor the effectiveness and performance of your controls, and update your assessment based on the changes in your network environment, threat landscape, or business needs. You can use various methods and tools to monitor and update your assessment, such as audits, reports, alerts, or feedback. The goal is to ensure that your network security risk assessment remains relevant and accurate.

添加您的观点

7 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

加载更多内容

Network Security

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How do you monitor and update network security risk assessment over time?

1

2

3

4

5

6

7

1 Step 1: Define the scope and objectives

2 Step 2: Identify the assets and threats

3 Step 3: Analyze the vulnerabilities and impacts

4 Step 4: Evaluate and prioritize the risks

5 Step 5: Implement and document the controls

6 Step 6: Monitor and update the assessment

7 Here’s what else to consider

Network Security

给文章评分

感谢您的反馈

更多Network Security相关文章

更多相关阅读内容

How do you monitor and update network security risk assessment over time?

1

2

3

4

5

6

7

1 Step 1: Define the scope and objectives

2 Step 2: Identify the assets and threats

3 Step 3: Analyze the vulnerabilities and impacts

4 Step 4: Evaluate and prioritize the risks

5 Step 5: Implement and document the controls

6 Step 6: Monitor and update the assessment

7 Here’s what else to consider

Network Security

给文章评分

感谢您的反馈

查看其他技能