Risk Assessment

Out of the blue this week our GM asked me to begin doing a thorough Risk Assessment of our network and out data. Being fairly new to the whole Network Admin role, I quaked in my shoes a bit, and then started with Google. 

What I am finding is that this is a HUGE responsibility that could easily take up most of my time. I also found that I rather enjoy reading about this topic and planning for how we will do this at our small company. I also recognize that this could lead to a much deeper understanding not only of our network but how our company runs.

I started with a well written document from Network Computing called Risk-Assessment Strategies.  Now, I realize that this article is 8 years old, but if I remember correctly from college, methodology doesn’t change much.  Also, this document has been very helpful in giving me a birds-eye view of what I need to do for each area of concern. This turned out to be a great starting place for me, and I will continue to seek out other such help as I begin this immense task.

I also found, through refereneces in the above article, some helpful websites. The SANS Institute has a class that I am very interested in, and while I may not be able to convince the GM to spend this kind of money for training, the outline of what is taught gives me some ideas for what I need to be studying. I am specifically looking at the Security 401: SANS Security Essentials Bootcamp Style class, as it seems like a pretty comprehensive one and one that would be good for someone like me.

I also found that there are cheaper routes to go to get started with Risk Assessment instruction.  For example, here in the Chicago area they are offering a class called “How to Complete a Risk Assessment In 5 Days or Less” at the Secureworld Expo hosted by Microsoft.  This is three sessions of instruction that promise to provide methods and tools to use “an industry standard process in just five days.” 

As I learn and find more information, I will post it here, and please feel free to send along any links that you have used or have heard are helpful.

Advertisements

3 Comments »

  1. Dig around on the SANS.org website, they have a facilitator program where you help run the conference in exchange for much cheaper tuition. It even includes the GIAC certification, not quite so motivating to make sure you have the test coming your way *grin*

  2. scorpion1975 Said:

    scorp75@gmail.com

    http://www.health-risk-assessments.com/

    Nice site, please give some time and visit and I’m sure you won’t be disappointed

  3. Stephen,
    That is a fantastic tip. . .thank you so much for the help and for stopping by!

    Annette


{ RSS feed for comments on this post} · { TrackBack URI }

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: