Risk Management

Risk can be defined as the combination of the probability of an event and its consequences.

 

Risk management identifies, assesses and prioritises risks with a view to monitoring, minimising and controlling their probability and impact.

 

In mitigating risks, preventative measures can be implemented.

 

Risk management includes penetration testing, log management and auditing.

 

A penetration test (pentest) evaluates the security of a computer system or network by simulating an attack from malicious, unauthorised outsiders and from malicious insiders who have some level of authorised access.

 

The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.  This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.

 

Log management and auditing involve the collation, storage, centralisation and long-term retention of all data generated by IT systems. This includes log analysis, log search and reporting.

 

Log management helps you to gain visibility, insight and control over your organisation’s IT data. It is driven by security, network operations (such as system or network administration) and regulatory compliance, and it assists with troubleshooting issues, meeting compliance/audit requirements and investigating security threats.

 

Vendors and Products

 
Security