Network Vulnerability Assessment Methodology Steps

Download Free Network Vulnerability Assessment Methodology Steps

Phase I: Data Collection
- Collect and begin review of business objectives, strategic business directions, mission statements, etc.
- Collect and begin review of existing policies, procedures, standards, applicable regulations, laws, guidelines, circulars, letters, memos, audit comments, etc. Use ISO 17799 Self-Assessment Checklist to determine deficiencies.

Phase II: Interviews, Information Review, and Hands-on Investigation
- Interview key department representatives and business units.
- Interview internal customers of the network environment.
- Collect any documentation (policy, procedures, etc.) that was discovered missing from Phase I.
- Evaluate the security performance of key hardware, network, and software implementations.

Phase III: Analysis
- Identify existing concerns and critical security success factors, and analyze possible mitigating circumstances.
- Identify critical and sensitive data issues and practices.
- Identify security risks and formulate recommendations for mitigating those risks.
- Formulate actions to facilitate a successful implementation of the client's security program.

Phase IV: Draft Report
- Assess the existing security policies and procedures, and make recommendations where appropriate.
- Evaluate risks implicit in the existing network implementation and make recommendations for improved security practices, where appropriate.
- Assess the effectiveness of safeguards currently implemented (including firewalls) and make recommendations for improvement, where appropriate.
- Present the Draft Report to the sponsor and the NVA team for their comments, which will be included in the Final Report.

Phase V: Final Report
- Provide the Final Report and make a presentation as requested by the sponsor; the Network Vulnerability Assessment Team should be available to answer questions and clarify issues, as needed.