Advice for Risk Assessment consultant (was Re: Intrusions)

Dale Whiteaker-Lewis (dalewl@radian.com)
Wed, 31 Jan 1996 09:09:14 -0600 (CST)

Speaking of risk assessment, my company is looking for qualification 
statements from consultants prepared to do a thorough risk assessment of 
the computing practices of an international environmental consulting 
company.  Does anybody have any leads to this sort of consultant or (more 
importantly) recommendations for a particular consultant?  Your help 
would be most appreciated.

On Tue, 30 Jan 1996, Ira S. Winkler wrote:

> When you conduct a thorough risk assessment, you have to look at the threats
> and vulnerabilities by default.  I tend to believe that vulnerabilities are
> more important to consider than threats, in most cases, because threats would
> be irrelevant if there are no vulnerabilities.  It is true that vulnerabilities
> would be irrelevant without threats, but if you have anything of value then
> there will be a threat.  
> 
> The big question becomes how much money do you want to put towards 
> countermeasures, which is dependent upon the value of your information and
> the value of the services dependent upon your information resources.
> 
> Ira
> 
> [Quoted Article Deleted]