Information Technology Reference
In-Depth Information
−
Web based
CSIRT Web site
CSIRT Web services
Is there any other acceptable/useful means besides the Web?
Incident response and remediation coordination and assistance
Service restoration teams
Root cause analysis (RCA)
Organization feedback
Lessons Learned
External liaisons
Dealing with incident reports from other CSIRTs
For example, FIRST
n
n
−
n
−
−
−
n
n
n
−
8.11
Vulnerability Management
Vulnerability management includes vulnerability assessments that consist of vul-
nerability scanning, penetration testing, war driving, and war dialing. Vulnerabil-
ity management also includes patch management that receives alerts from vendors
regarding newly discovered vulnerabilities and how to remediate those vulnerabili-
ties. Remediation activity includes installing patches.
8.11.1
Vulnerability Assessments
A vulnerability assessment is the act of determining the degree to which an orga-
nization's information and information technology are open to attack or damage.
An abstract assessment process consists of identifying compliance requirements,
comparing policy against compliance requirements, generating a gap analysis, and
defining a remediation plan; plus comparing practice against policy, generating a
gap analysis, and defining another remediation plan.
This framework applies to many assessment variations and is a useful tool
throughout the IA
2
Process. For example, a compliance assessment process (CAP)
is one assessment variation. CAP variations include HIPAA, Sarbanes-Oxley, and
many others. A vulnerability assessment (VA) is one instance of a broader, more
abstract assessment process.
A technical vulnerability assessment focuses on information and information
technology internal parameter settings, configuration, and safeguards. A nontech-
nical vulnerability assessment focuses on non-cyber-aspects, including people (e.g.,
security awareness levels), physical (e.g., building security), and process (e.g., guard
enforcement of entry procedures or property management procedures). These are
the steps in the vulnerability assessment process:
n
Determine existing infrastructure.
