Resources Tagged with 'risk assessment'

“Understanding the nature and abilities of our attackers is essential for effective security, but our day-to-day duties require us to think like defenders.”  No, this is not a quote from the Homeland Security operations manual, but a preamble for this IT security wargames presentation by Tim Casey, Senior IT InfoSec Analyst.  Wargaming focuses the attention of multiple experts toward a specific attack goal.  Casey gives the details at a recent Miami Intel Premier IT Professional seminar.

 Find what the bad guys are looking for.  That’s the philosophy behind Intel IT’s wargame exercises in which they ruthlessly attack their own data centers.  Intel IT’s Senior InfoSec Analyst Tim Casey tells how the game is played and what benefits IT can accrue from playing it.

 Mark Goldsmith, Senior Security Specialist with Intel IT, takes a look at the evolution of risk assessments, at the variety of methods of managing business risk and at Intel’s efforts to align to industry standards.  Then he describes the Information Security Risk Assessment method and the General Business Risk Assessment method and demonstrates a tool to help other IT organizations wishing to do similar assessments.

Find what the bad guys are looking for.  That’s the philosophy behind Intel IT’s wargame exercises in which they ruthlessly attack their own data enterprise.  Intel IT’s Manager of Risk and Threat Analysis Kurt Nelson tells how the game is played and what benefits IT can accrue from playing it.

Intel IT’s Timothy Casey, CISSP and Senior InfoSec Specialist, explains why attacking your own data enterprise can be a good thing.  It  provides intensive training to security professionals in advanced offensive threat design and it provides a detailed set of attack scenarios against an asset, useful for identifying complex, multidimensional vulnerabilities. Find out about Intel’s approach in this recent Intel Premier IT Professional IT best practices seminar presentation.

Taking a look at the evolution of risk assessments, Mark Goldsmith, a Senior Security Specialist with Intel IT, goes on to explain how Intel has consolidated their methods to bring consistency to the risk assessment process.  He also demonstrated a risk assessment tool available for download to Intel Premier IT Professional members. 

Intel IT uses wargaming as an risk assessment methodology to provide actionable information about real world threats and vulnerabilities to their computing environment. This recent presentation from the Minneapolis Intel Premier IT Professional best practices seminar, presented by Jackee Ireland, Director of Global Information Security Risk and Threat Analysis for Intel IT, has the details.

Intel has developed a process and tool that combines general business and information security risk assessment methodologies, establishing a consistent, repeatable process to produce more comprehensive risk profiles. When used individually, these two distinct and previously disconnected methods leave gaps in the risk landscape. Our Risk Assessment Program Lite database tool combines these methods, filling in the gaps; it prioritizes risks and displays risk rankings in a color-coded graphical format. With a more complete picture of the risk landscape, we can focus our resources on those that are most critical and better protect Intel.

Ruthlessly attack your own enterprise? That’s right. Intel’s IT uses wargaming as a risk assessment methodology to provide actionable information about real world threats and vulnerabilities to their computing environment. Get the details from this recent Intel Premier IT Professional best practices presentation.

RAPLite is a database application that provides functionality to perform a qualitative risk assessment. The program supports two industry standard risk assessment techniques combined into a single application using a consolidated risk assessment methodology. General business risks can be identified and prioritized using a risk statement, likelihood and impact method. Information security specific risks can be quantified using a threat, vulnerability, consequence method. Both methods are combined such that the output of the program is a graphical risk profile and prioritized ranking of all identified risks. The application is a complied version of Microsoft Access* and requires that Access 2003 is installed on the PC running the program.