Please reply using your own words and opinion to my classmates. Reply should be anywhere from100-150 words. Total of two replies. The questions as followed:
How do you conduct a security assessment? What aspect of a security assessment do you feel is most challenging? Why?
Reply #1:
According to Synopsys (2021), “A security risk assessment identifies, assesses, and implements key security controls in applications.” Security assessments are vital to the success of any company. As a result, it is important that a routine security assessment is completed to ensure that all assets are protected and vulnerabilities addressed. Therefore, the first step in conducting a security assessment would be identifying the asset that needs to be protected. Once this is identified, it is important to then complete and assessment of possible threats and vulnerabilities. At which point an approach to mitigate the vulnerabilities are created. And lastly, implement a plan to properly and effectively eliminate current and future threats and vulnerabilities.
I believe that the most challenging part of a security assessment is implementing a plan with hopes that it will properly and effectively eliminate the current threats as well as future threats. The reason I believe this is a challenge is because even though a strategy might work for a current issue, this does not guarantee that it will work for future issues. Hence why it is important that a security assessment is completed at least yearly.
Reply #2:
A security risk assessment identifies, assesses, and implements critical security controls in applications. It also focuses on preventing application security defects and vulnerabilities. Carrying out a risk assessment allows an organization to view the application portfolio holistically—from an attacker’s perspective. It supports managers in making informed resource allocation, tooling, and security control implementation decisions. Thus, conducting an assessment is an integral part of an organization’s risk management process.
The 4 steps of a successful security risk assessment model
1. Identification. Determine all critical assets of the technology infrastructure. Next, diagnose sensitive data that is created, stored, or transmitted by these assets. Create a risk profile for each.
2. Assessment. Administer an approach to assess the identified security risks for critical assets. After careful evaluation and assessment, determine how to effectively and efficiently allocate time and resources towards risk mitigation. The assessment approach or methodology must analyze the correlation between assets, threats, vulnerabilities, and mitigating controls.
3. Mitigation. Define a mitigation approach and enforce security controls for each risk.
4. Prevention. Implement tools and processes to minimize threats and vulnerabilities from occurring in your firm’s resources.
One of the most complex and challenging parts of a security assessment is going to have to be a security aspect and going over any issues and any current problems that may have security policies. This will be the most difficult thing, and this is because it can really take some time for an establishment to help figure out.
0 comments