Ethical Hacking and Penetration Testing Guide
Risk Assessment
Risk assessment, as defined before, is the analysis part of the report. It is crucial for the customer, who wants to know the severity of the damage the vulnerabilities are likely to cause; similarly, the security executives want to know how their team is performing.
Risk Assessment Matrix
When we talk about risk assessment analysis in terms of a penetration test, we compare the “likelihood of occurrence” against the “impact of occurrence.”
The following “hazard risk assessment matrix” is derived from MIL-STD-882B; it is an excellent way of demonstrating risk to the customer. In the matrix, the “frequency of occurrence,” that is, how likely the vulnerability is to occur, is compared with the four hazard categories “catastrophic,” “critical,” “serious,” and “minor.” This is something you should definitely include in your penetration testing report.
Hazard risk assessment matrix

                                          Hazard Categories
Frequency of Occurrence   1 Catastrophic   2 Critical   3 Serious   4 Minor
(A) Frequent              1A               2A           3A          4A
(B) Probable              1B               2B           3B          4B
(C) Occasional            1C               2C           3C          4C
(D) Remote                1D               2D           3D          4D
(E) Improbable            1E               2E           3E          4E

Each cell is assigned one of four risk levels: Unacceptable, High, Medium, Low.
(From http://www.sms-ink.com.)
After including the risk assessment matrix, you should write a line or two describing the total risk, for example:

Based upon the comparison of the vulnerabilities that were determined, their likelihood and their impact, we conclude the overall risk is high and the risk percentage was determined to be 82%.
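The following is an added example, not code from the book, showing how the matrix above and the closing total-risk statement can be produced from a list of rated findings. Each finding is given a hazard category (1 to 4) and a frequency of occurrence (A to E), placed in its matrix cell, and the overall risk is taken as the worst level any finding reaches. The assignment of cells to the four risk levels is an assumption taken from the MIL-STD-882B matrix, since the chapter shows only the legend; the sample findings and their ratings are constructed for illustration, and the risk percentage from the book's example sentence is not computed because the chapter gives no method for it.

```python
"""Build the hazard risk assessment matrix section of a pentest report from rated findings."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# Hazard categories (impact) and frequency-of-occurrence levels, as in the matrix above.
CATEGORIES = {1: "Catastrophic", 2: "Critical", 3: "Serious", 4: "Minor"}
FREQUENCIES = {"A": "Frequent", "B": "Probable", "C": "Occasional",
               "D": "Remote", "E": "Improbable"}

# Assumption: the per-cell assignment to the four risk levels follows the
# MIL-STD-882B matrix; the chapter shows only the legend, not which cell is which.
RISK_LEVELS = {
    "Unacceptable": {"1A", "1B", "1C", "2A", "2B", "3A"},
    "High":         {"1D", "2C", "2D", "3B", "3C"},
    "Medium":       {"1E", "2E", "3D", "3E", "4A", "4B"},
    "Low":          {"4C", "4D", "4E"},
}
LEVEL_ORDER = ["Unacceptable", "High", "Medium", "Low"]  # worst first
CELL_TO_LEVEL = {cell: level for level, cells in RISK_LEVELS.items() for cell in cells}


def is_valid_rating(category: int, frequency: str) -> bool:
    """A rating must name a real hazard category (1-4) and frequency level (A-E)."""
    return category in CATEGORIES and frequency in FREQUENCIES


@dataclass(frozen=True)
class Finding:
    title: str
    category: int   # 1 (catastrophic) .. 4 (minor)
    frequency: str  # "A" (frequent) .. "E" (improbable)

    @property
    def cell(self) -> str:
        """Matrix cell code such as '1B'; rejects ratings outside the matrix."""
        if not is_valid_rating(self.category, self.frequency):
            raise ValueError(
                f"rating {self.category}{self.frequency} for {self.title!r} is outside the matrix")
        return f"{self.category}{self.frequency}"


def risk_level(finding: Finding) -> str:
    """Risk level of the cell the finding lands in."""
    return CELL_TO_LEVEL[finding.cell]


def level_counts(findings: Iterable[Finding]) -> dict[str, int]:
    """Number of findings at each risk level, always listing all four levels."""
    counts = Counter(risk_level(f) for f in findings)
    return {level: counts.get(level, 0) for level in LEVEL_ORDER}


def overall_risk(findings: Iterable[Finding]) -> str:
    """The overall risk is the worst level any single finding reaches."""
    levels = [risk_level(f) for f in findings]
    return min(levels, key=LEVEL_ORDER.index) if levels else "Low"


def render_matrix(findings: Iterable[Finding]) -> str:
    """Plain-text matrix showing how many findings fall into each cell."""
    per_cell = Counter(f.cell for f in findings)
    header = f"{'Frequency of Occurrence':<26}" + "".join(
        f"{n} {name:<14}" for n, name in CATEGORIES.items())
    rows = [header]
    for code, name in FREQUENCIES.items():
        row = f"({code}) {name:<22}"
        for n in CATEGORIES:
            cell = f"{n}{code}"
            row += f"{cell}={per_cell.get(cell, 0):<13}"
        rows.append(row)
    return "\n".join(rows)


def summary_line(findings: list[Finding]) -> str:
    """The one- or two-line statement of total risk that follows the matrix."""
    counts = level_counts(findings)
    breakdown = ", ".join(f"{n} {level.lower()}" for level, n in counts.items() if n)
    return (f"Based upon the comparison of the {len(findings)} vulnerabilities determined, "
            f"their likelihood and their impact, we conclude the overall risk is "
            f"{overall_risk(findings)} ({breakdown}).")


# Constructed sample findings (not from the book), each rated by impact and frequency.
SAMPLE_FINDINGS = [
    Finding("SQL injection in login form", 1, "B"),
    Finding("Outdated TLS configuration", 3, "C"),
    Finding("Verbose server banner", 4, "A"),
    Finding("Directory listing on /static", 4, "D"),
]

if __name__ == "__main__":
    print("Hazard risk assessment matrix")
    print(render_matrix(SAMPLE_FINDINGS))
    print()
    print(summary_line(SAMPLE_FINDINGS))
```

Taking the worst cell as the overall risk is a deliberate choice: a single unacceptable finding should not be averaged away by many minor ones, which is the same reason the matrix is presented to the customer cell by cell rather than as one number.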