Server, applications, and network hardening
Next, we focus on reacting to threats. We ensure that the components on the
network are all configured to resist those threats at the perimeter, and that
any threats that have penetrated or originated inside the perimeter are
discovered, contained, and eliminated. The following is a brief example of a
Threat and Vulnerability Matrix. We will expand the practitioners' guidance
when we get to our compliance chapters. What we have for you here is the end
result of the risk analysis for information assets.
[Table: Threat and Vulnerability Matrix]
Relevance of control as a countermeasure to a threat: 9 = Highly Relevant, 0 = Not relevant
Threats on the Y axis, controls on the X axis
Threats:
Intrusion (Hacking, Password Attacks)
Server Failures
Physical Damage to Hardware
Extortion
Insider Attacks
Spoofing
Denial of Service
Human Error
Theft of Computers
Malicious Code
Buffer Overflow Attacks
The preceding table shows the Threat and Countermeasures matrix.
It is not the ambition of the authors to document the security hardening steps. Oracle
does a great job of this through Metalink Note 189367.1: E-Business Suite Security
Best Practices. It is our ambition to make risk management practitioners aware of the
problems and of where the remedies are documented, and to illustrate the nature of a
few of those remedies.