Site Security Planning

Assigning Threats and Potential Damage

First the administrator listed the assets needing protection, the network environments from which users would gain access, and the threats to those assets. Linking assets to access (see Table B.1) leads to an important security issue: the need to protect assets outside the corporate firewall. An asset only available from the company’s intranet is protected from outside intruders by the Exploration Airlines firewall. However, assets sent over the Internet are vulnerable to interception while being routed across a public network. Making this distinction helps identify security requirements and cost issues that can be resolved in later steps. Notice that for item 1 (in Table B.1), access is from the intranet and the Internet. This is assuming that Exploration Air employees are allowed to access their accounts from home using dial-up access and to logon via HTTP forms. Thus there is potential danger, due to employees who access the intranet from the Internet.

Next, the administrator considered how each asset might be compromised, and categorized the potential loss as either a loss of data or denial of service. Based on the high value the company attributes to its customers and to its own good name, the administrator placed a high damage score on losses of customer data, especially when customers’ money might be involved. For clarity and simplicity, the administrator did not include information considered public, needing little if any protection.

Table B.1   Threats and Potential Damage

Web Site Threat Assessment for Site:_______________ as of (Date):_______

© 1997-1999 Microsoft Corporation. All rights reserved.