Wednesday, February 19, 2020

Security consultant Essay Example | Topics and Well Written Essays - 500 words

Secondly, this assessment forms the basis upon which these risks, threats, and vulnerabilities are prioritized in accordance with criticality. Remediation of the identified risks and vulnerabilities can then be effectively budgeted. Also, it is from this risk assessment that compliance with new IT security laws and regulations can be achieved to avoid legal issues. Essentially, a properly conducted risk assessment offers a basis through which the company may roll out a set of procedures aimed at protecting the company's assets, which in this case include hardware, software, and critical information.

The scope describes what is covered and what is not covered in the assessment by identifying what needs to be protected, the sensitivity of the information protected, and the extent of the protection. Defining the scope of a network security assessment is important, as it forms the basis for understanding the budget and the level of security defined by the policies of the company. Understandably, the scope is a factor of the criticality of the information that a company has or seeks to protect from damage, manipulation, or malicious disclosure to the public.

Areas covered include the types of operating systems in use on the computers, access control permissions, port scanning, wireless leakage, firewall testing, intrusion detection testing, and service pack levels. A thorough assessment of these areas identifies the loopholes through which the company's critical information may be compromised. The aim is to proactively protect these areas from malicious attacks or access.

OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a commonly used methodology for strategic assessment and planning of network security risks. The OCTAVE methodology is a technique used to analyze a company's information security requirements. OCTAVE Allegro is the latest development and is widely used by the CERT Division. While older versions, which are
