Site Security Planning
Threat Identification
Identifying threats to your Web site includes creating inventories of assets, evaluating assets and potential losses, and recognizing where potential threats originate (from inside and outside your organization).
When your organization engages in business over the Web, potential threats become more numerous. Security plans must account for communication of information between your site and the intranet sites of your business partners and customers.
Threats increase as assets are deployed to new environments. Many sensitive information assets stored and used in traditional environments—such as corporate databases connected to corporate users by means of a local area network (LAN)—will also be deployed in relatively new environments—such as intranets and the Internet. The increase in the use of Transmission Control Protocol/Internet Protocol (TCP/IP) networks, including the Internet, has created new environments in which employees, business partners, and customers expose information assets to new security threats. Therefore, your network-based information will be potentially more vulnerable than ever.
The following list summarizes the criteria to use when assessing threats and potential damage to information that will be deployed on intranets and over the Internet. For an example, see “Where to Spend the Effort.”
For each asset requiring security:
- Create an inventory of online assets requiring security. Identify all systems, applications, and information that will need protection from intruders.
- Specify who needs access to the assets (in-house users, business partners, customers, an anonymous public), and from where (your intranet, or the Internet).
- Estimate the relative value of the assets you are charged with protecting. A useful approach is to measure value as the relative damage the organization would suffer if an asset were corrupted or lost. Consider the importance of each asset to the achievement of business goals, the need to maintain credibility with customers, and the cost of replacing these assets if they are lost.
- Specify the consequences to your organization of a successful intrusion (loss of data, loss of service).
- Estimate the maximum potential damage on a scale of 1 (low) to 10 (high). Take into account that both data loss and denial of service will damage your organization and its customers.
- Estimate the minimum cost of providing adequate security for each category of assets on a scale of 1 (low) to 10 (high).
- State any conditions or assumptions affecting threats to assets or cost of security. For example, on the condition that the organization will use Internet-standard encryption methods, you might assign a low-cost factor to securing private data transmitted over the Internet between browsers and servers.
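The criteria above can be captured as a small worksheet that rejects incomplete entries and orders the assets for review. This is an added example, not part of the original page: the asset names, the scores, and the ranking rule (highest damage first, then lowest cost) are assumptions made for illustration.

```python
from dataclasses import dataclass

ORIGINS = {"intranet", "internet"}  # the two access origins the list names

@dataclass
class Asset:
    name: str
    users: list         # who needs access (in-house users, partners, ...)
    origins: set        # where access comes from
    consequences: list  # e.g. "loss of data", "loss of service"
    max_damage: int     # maximum potential damage, 1 (low) to 10 (high)
    min_cost: int       # minimum cost of adequate security, 1 to 10
    assumptions: str = ""  # conditions affecting threat or cost

    def problems(self):
        """Return worksheet errors for this entry (empty list if complete)."""
        errs = []
        for label, score in (("max_damage", self.max_damage),
                             ("min_cost", self.min_cost)):
            if not isinstance(score, int) or not 1 <= score <= 10:
                errs.append(f"{self.name}: {label} must be an integer 1-10")
        if not self.users:
            errs.append(f"{self.name}: no users listed")
        if not self.origins or set(self.origins) - ORIGINS:
            errs.append(f"{self.name}: origins must be in {sorted(ORIGINS)}")
        if not self.consequences:
            errs.append(f"{self.name}: no intrusion consequences listed")
        return errs

def prioritize(assets):
    """Assumed rule, not from the page: highest damage first, then lowest cost."""
    errors = [e for a in assets for e in a.problems()]
    if errors:
        raise ValueError("; ".join(errors))
    return sorted(assets, key=lambda a: (-a.max_damage, a.min_cost, a.name))

# Constructed sample inventory; names and scores are illustrative only.
SAMPLE = [
    Asset("Customer order database", ["in-house users", "business partners"],
          {"intranet", "internet"}, ["loss of data", "loss of service"], 9, 6,
          "Internet-standard encryption protects data in transit"),
    Asset("Public product catalog", ["anonymous public"], {"internet"},
          ["loss of service"], 4, 2),
    Asset("Partner pricing pages", ["business partners"], {"internet"},
          ["loss of data"], 9, 3),
]

if __name__ == "__main__":
    for a in prioritize(SAMPLE):
        print(f"{a.name}: damage {a.max_damage}, cost {a.min_cost}")
```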
© 1997-1999 Microsoft Corporation. All rights reserved.