
Finally Doing Something Security Related

the_Grinch Member Posts: 4,165
Well, today my boss asked me to do a risk assessment for our HQ. I have a lot on my plate, but this will at least give me something to look forward to. We did discuss some stuff today, where he said "don't worry about money, doesn't mean we'll do what you suggest, but don't not put something due to money." I replied that a lot of things we needed to do didn't require money to make us more secure. Nice to at least get a chance to do something, more experience for the resume!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • the_Grinch Member Posts: 4,165
    Thanks man, I will be picking them up eventually. I took a course in college on risk assessment and as a project I did the risk assessment for my school. I might look to see if I kept my book, but I know I have the project still. Thanks again!
  • dynamik Banned Posts: 12,312
    I'll post back how I like them. IMHO, risk assessments and IT audits are the most tedious part of the job. I get why some people thrive on it. They're very detail-oriented and like to make sure every I is dotted and every T is crossed. I'd rather pentest, set up a lab, teach someone something, etc. Congrats to you though. That sounds like a good stride forward. That experience is nice to have, even if it just becomes a bullet point on your resume for something bigger and better in the future.

    Paul Boz and I were brainstorming how to make risk assessments fun. I had some interesting scenarios, but I am definitely partial to his concern that Jurassic Park might become real and we'd have to defend against velociraptors on the mainland. I'm pretty sure lasers would need to be involved.
  • GAngel Member Posts: 708
    I love risk assessments. I spent the last year doing them and coming up with the most insane scenarios.
  • the_Grinch Member Posts: 4,165
    I'm with you on the Jurassic Park scenario. Though, in my experience, I believe we need to be better prepared for a Zombie invasion. Might tell the company we need to stock up on weapons, ammunition, and food. Plus training for double tapping to make sure they are dead. More good news, company wants a penetration test done within the next couple of months.
  • Paul Boz Member Posts: 2,620
    The Jurassic Park scenario is more likely than a Zombie apocalypse because the genetic mutations would be super easy to pull off. You absolutely 100% have to be prepared for T Rex and raptor attacks. You don't mess around with that. Zombies can be taken down with a shotgun. Dinosaurs laugh in your face at a shotgun. Period.

    In all seriousness though, definitely take your time when doing the risk assessment, especially if you have never done one before. Start with the policies and procedures currently in place and ensure that you have mitigating controls for your perceived risk. There are also free risk assessment frameworks on the SANS website.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • the_Grinch Member Posts: 4,165
    Yup, that was my plan, as most of our issues are policy-based. Right now I have bigger projects that are considered more important, so I will do a little at a time with this one.