Threat matrix and risk analysis resources

There are many resources available to help value-added resellers compile a threat matrix and perform risk analyses.

I need to come up with a matrix of threats and countermeasures so I can start doing a risk analysis of what we can be exposed to in my customer's infrastructure environment. Do you have any ideas or tips on how I can get that info?

There are many sources available to help you compile a threat matrix. Many books are written on the subject, as well as numerous web resources, to help you create a risk analysis (RA) matrix. WBDG has a good one, and the NIST publication 800-30 (.pdf) has been around for a while, but it's still useful.

But before you start to focus on the countermeasures part, you'll need to understand the difference between a threat and a vulnerability to create a framework that makes this differentiation. Once you've compiled those, identify the company assets that would be affected, and rate the severity if a realized threat impacts the asset. Dr. Krutz' and my latest text, The CISSP and CAP Prep Guide: Platinum Edition, explains a high-level approach to RA, defines various rate-of-occurrence formulae and provides a template matrix for threat/vulnerability/asset rating.

This was first published in May 2007
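A small threat/vulnerability/asset matrix of the kind the answer describes, as an added example that is not from the original answer or the book it cites. The qualitative weights are modelled on the sample risk-level matrix in NIST SP 800-30, the annualized loss expectancy formula (asset value x exposure factor x annualized rate of occurrence) is the commonly taught one and is an assumption here, and every row is constructed sample data.

```python
from dataclasses import dataclass

# Weights modelled on NIST SP 800-30's sample risk-level matrix (assumed; tune per customer).
LIKELIHOOD = {"low": 0.1, "medium": 0.5, "high": 1.0}
IMPACT = {"low": 10, "medium": 50, "high": 100}

@dataclass(frozen=True)
class Row:
    threat: str             # who or what could cause harm
    vulnerability: str      # the weakness that threat would act on
    asset: str              # what the customer stands to lose
    likelihood: str         # key into LIKELIHOOD
    impact: str             # key into IMPACT (severity if the threat is realized)
    asset_value: float      # replacement or business value, in currency units
    exposure_factor: float  # fraction of asset value lost per event, 0..1
    aro: float              # annualized rate of occurrence (events per year)

def risk_score(row):
    if row.likelihood not in LIKELIHOOD or row.impact not in IMPACT:
        raise ValueError(f"unknown rating on {row.asset!r}")
    return LIKELIHOOD[row.likelihood] * IMPACT[row.impact]

def risk_level(score):
    return "high" if score > 50 else "medium" if score > 10 else "low"

def ale(row):
    # Annualized loss expectancy = single loss expectancy (AV * EF) * ARO.
    if not 0 <= row.exposure_factor <= 1 or row.aro < 0:
        raise ValueError(f"bad exposure factor or ARO on {row.asset!r}")
    return row.asset_value * row.exposure_factor * row.aro

def build_matrix(rows):
    # Rate every row, then order by qualitative score and break ties on ALE.
    rated = sorted(((risk_score(r), ale(r), r) for r in rows), key=lambda t: t[:2], reverse=True)
    return [{"threat": r.threat, "vulnerability": r.vulnerability, "asset": r.asset,
             "score": s, "level": risk_level(s), "ale": a} for s, a, r in rated]

# Constructed sample rows, not taken from any real assessment.
SAMPLE = [
    Row("power failure", "file server has no UPS", "file server",
        "medium", "medium", 40_000, 0.25, 2.0),
    Row("insider misuse", "shared admin password", "billing system",
        "low", "high", 100_000, 0.5, 0.125),
    Row("external attacker", "unpatched VPN gateway", "customer database",
        "high", "high", 200_000, 0.5, 0.25),
]

if __name__ == "__main__":
    for entry in build_matrix(SAMPLE):
        print(entry)
```

Keeping threat and vulnerability as separate columns lets the same threat appear against several weaknesses, and the countermeasure column can be added once the ranking shows which rows matter most.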
