DeVry University
May 18, 2023
7 min read
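To defend against cyberattacks and protect critical data systems, public and private organizations of all sizes need to make cyber security a top priority. Through a cyber security assessment, sometimes called a cyber security risk assessment, organizations can get a clearer picture of their vulnerabilities and risk level in terms of data loss due to cyberattacks and the long-term effects of those vulnerabilities.
In this article, we'll take a closer look at why organizations should conduct assessments, who benefits from them and the different types of assessments that serve a range of cyber security objectives. We'll also walk through a step-by-step guide to performing a cyber security assessment.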
Protect against data breaches: Protection against security breaches and the data loss that could result from them is a primary reason to conduct a cyber security assessment. A data breach involving the exposure or loss of customer data, financial information or intellectual property can have devastating short and long-term consequences, such as lost revenue and potentially irreparable damage to the company's brand.
Provide a template for future assessments: Because this type of assessment is not a one-time test, performing your first assessment will lay the groundwork for a standardized and repeatable process that can be done on a regular basis, regardless of staff turnover or changes in business processes.
Avoid application downtime: By strengthening cyber security protocols and hiring professionals with extensive cyber security training, you can make sure customer-facing systems are functioning normally and are available when customers need them.
Avoid regulatory issues: Theft of customer data can be seen as the result of a failure to comply with regulations. One example of this is the set of rules and regulations required by the Health Insurance Portability and Accountability Act (HIPAA). The HIPAA Privacy Rule was enacted to create standards for keeping individuals' health information private while allowing information to be shared between healthcare providers. Penalties for non-compliance with HIPAA's Privacy Rule can range from $127 - $63,973 per violation.
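Third-party risk assessment: This type of assessment is conducted to measure the level of risk that can come with third-party relationships, for example, vendors that have remote access to the organization's data.
Social engineering assessment: Social engineering tactics are a common way that malware and spyware are spread, usually through email. The goal of this assessment is to audit the level of cyber security awareness across the organization by covertly gaining access to data or networks through employees. By assessing their knowledge of cyber hygiene and their ability to spot social engineering attempts, a plan can be developed to improve cyber security education if needed.
Vulnerability assessment: These assessments are among the most frequently performed tests in the industry and are usually automated. Their function is to detect flaws in networks, code, data or applications. When vulnerabilities are found, security patches or updates are implemented.
Penetration testing: Often called ethical hacking, this assessment is used to test the weaknesses found in a vulnerability assessment. Using the same methods that malicious hackers use to access data systems, penetration testers scope out a company's security structures and simulate an attack to identify where security needs to be strengthened.
Cloud security assessment: Essential for organizations that use SaaS (software as a service), IaaS (infrastructure as a service) or PaaS (platform as a service), a cloud security assessment identifies the risks and threats facing cloud-based assets. It focuses on uncovering vulnerabilities in cloud infrastructure and neutralizing them using various access control management and governance measures.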
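How useful would this information be to an attacker or to our competitors?
If the information were lost, could it be recreated? How long would that take, and how much would it cost?
If the information is encrypted, do you have a backup?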
What are the potential financial or legal penalties associated with the loss or compromise of this information?
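What impact would the loss or exposure of this information have on our company's day-to-day operations?
How long would it take to bring equipment and software back online? What would the potential business interruption look like?
What about the long-term effects? How much reputational damage could this loss or exposure cause?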
Work with your stakeholders to create a complete list of important assets. This includes assets that produce revenue, as well as those that ensure data integrity to your users.
Data leaks, which could occur as the result of poor configuration of cloud services or weak security policies and authentication standards. Here is where the loss of sensitive data like customers' personal information could lead to a devastating loss of customer trust, revenue and reputation.
Insider threats, such as the misuse of information by authorized members of your team, can also have devastating effects such as financial or reputational damage, whether intentional or accidental.
Service disruptions from cyberattacks can have sudden, twofold consequences, resulting in a loss of revenue and potentially motivating your customers to take their business elsewhere.