A threat is a possible danger to the system.
April 14, 2010
It is policy to ensure that the balance of risks, vulnerabilities, threats, and countermeasures achieves a residual level of risk that is acceptable based on the sensitivity or criticality of the individual information technology (IT) system.
In accordance with SOP, it is the System Owner’s responsibility to prepare or oversee the preparation of periodic risk assessments. Initial risk assessments are performed in the design phase and updated periodically thereafter. Support is provided by the Chief Information Security Officer (CISO).
Audit quarterly to determine the potential of each threat to cause loss or harm. Threat ratings are based on feasibility.
Intrusion detection, by where the sensor sits:
Host-based
Network-based
Application-based
Stack-based
Intrusion detection, by method:
Misuse detection
Anomaly detection
Specification-based
Defense:
Passive
Reactive
Incidents are:
Captured
Stored
Indexed
Classified
Attacks:
Spoofing
Phishing attack
Email attack
Man-in-the-middle
Tools:
Linux ipchains / iptables
PortSentry
Event triage questions:
Is this a stimulus or a response?
What is being targeted?
Does the targeted service have known vulnerabilities or exposures?
Is this benign, an exploit, a denial of service, or reconnaissance?
Is the source address:
Probably spoofed
Probably not spoofed
Third party
Are they targeting a specific host?
Is this a general scan of an entire network?
Is this a probable "wrong number" (misdirected or misconfigured traffic)?
Severity = (Criticality + Lethality) – (System Countermeasures + Network Countermeasures)
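The severity formula above is easy to apply by hand to one event, but the point of it is ranking many events for response. The following is an added example (not from the original notes) that implements the formula and ranks a handful of constructed events. It assumes, as the notes do not state, that each of the four factors is rated on an integer 1 to 5 scale, which gives a severity range of -8 to +8; the sample events and their ratings are illustrative, not from the page.

```python
"""Severity scoring for intrusion-detection triage.

Added example; not part of the original notes. Implements
    Severity = (Criticality + Lethality) - (System Countermeasures + Network Countermeasures)
Assumption (not stated on the page): each factor is an integer rating in 1..5,
so Severity ranges from -8 (well-defended, harmless) to +8 (critical, undefended).
"""
from dataclasses import dataclass
from typing import List, Tuple

MIN_RATING, MAX_RATING = 1, 5  # assumed rating scale


def is_valid_rating(value) -> bool:
    """True if value is an integer within the assumed 1..5 scale (bool excluded)."""
    return isinstance(value, int) and not isinstance(value, bool) \
        and MIN_RATING <= value <= MAX_RATING


def _check(name: str, value: int) -> int:
    if not is_valid_rating(value):
        raise ValueError(
            f"{name} must be an integer in [{MIN_RATING}, {MAX_RATING}], got {value!r}")
    return value


def severity(criticality: int, lethality: int,
             system_cm: int, network_cm: int) -> int:
    """Severity = (Criticality + Lethality) - (System + Network countermeasures)."""
    c = _check("criticality", criticality)
    l = _check("lethality", lethality)
    s = _check("system_cm", system_cm)
    n = _check("network_cm", network_cm)
    return (c + l) - (s + n)


def severity_range() -> Tuple[int, int]:
    """Lowest and highest severity reachable under the assumed scale."""
    lo = 2 * MIN_RATING - 2 * MAX_RATING
    hi = 2 * MAX_RATING - 2 * MIN_RATING
    return lo, hi


@dataclass(frozen=True)
class Event:
    description: str
    criticality: int
    lethality: int
    system_cm: int
    network_cm: int

    def severity(self) -> int:
        return severity(self.criticality, self.lethality,
                        self.system_cm, self.network_cm)


def rank(events: List[Event]) -> List[Event]:
    """Most severe first. Ties keep input order (sorted is stable)."""
    return sorted(events, key=lambda e: e.severity(), reverse=True)


# Constructed sample events with illustrative ratings (not from the page).
SAMPLE_EVENTS = [
    Event("Root exploit attempt against fully patched DNS server, "
          "restrictive firewall with a few extra paths in", 5, 5, 5, 4),   # (5+5)-(5+4) = 1
    Event("Port scan of unpatched user desktop behind permissive firewall",
          2, 1, 1, 2),                                                     # (2+1)-(1+2) = 0
    Event("Worm propagation against unpatched mail relay, no network filtering",
          4, 5, 1, 1),                                                     # (4+5)-(1+1) = 7
    Event("Broadcast ping into an idle, well-defended lab network",
          1, 1, 5, 4),                                                     # (1+1)-(5+4) = -7
]


if __name__ == "__main__":
    lo, hi = severity_range()
    print(f"severity range under the assumed scale: {lo} .. {hi}")
    for e in rank(SAMPLE_EVENTS):
        print(f"{e.severity():+d}  {e.description}")
```

Note how the first sample event scores only +1 despite a root-level attack on a critical host: strong system and network countermeasures pull the score down, which is exactly the behaviour the formula is meant to have. The validation rejects out-of-scale ratings so that a mistyped 50 does not silently dominate the queue.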