Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
djscoot215
Viewer II
‎12-01-2021 10:49 AM
‎12-01-2021 10:49 AM

DDoS Risk Assessment

My organization received a recommendation from a third-party audit that we conduct a DDoS specific risk assessment. Are there any publicly available tools or templates for this specific purpose? Any help is appreciated!

Reply
0 Kudos
2 Replies
Until_then
Contributor I
‎12-01-2021 01:41 PM
‎12-01-2021 01:41 PM

You can check NIST SP 800-30 which describes how to conduct a risk assessment. Conducting a control assessment (utilizing NIST SP 800-53A) is a good start to see how well the controls are actually working. You can then conduct a risk assessment to see if the working controls mitigated the risk to your organization's risk tolerance level.

 

Always keep in mind the basics of what risk is: It's the likelihood of a threat exploiting a vulnerability and the resulting impact. 

 

Look at the various threats then determine the vulnerabilities of your information system. The impact caused by those threats (e.g., high, moderate, or low impact) is a subjective matter, dependent on your organization's opinion on the compromise of its data. 

Reply
iluom
Contributor II
‎12-02-2021 01:26 PM
‎12-02-2021 01:26 PM

 

Is there any framework or something as such from NIST to define the scope and goals of Annual Pen testing of a software product?

Chandra Mouli, CISSP, CCSP, CSSLP
Reply
0 Kudos