Nine questions to ask when evaluating a security threat

You've just learned that a new worm from a
former Soviet country is spreading fast because it doesn't rely on
e-mail – it automatically exploits a vulnerability in Microsoft's
Internet Information Server. Now what? Do you cancel your evening plans
and stay late testing patches, or can you safely ignore this worm?

Network administrators face similar questions hundreds of times
each year. With your company's electronic treasures at stake, you need
a consistent paradigm to help evaluate whether each new threat deserves
a yawn, a fire drill or something in between.

What follows is a checklist of nine questions to help you weigh the significance of any new threat.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s