Asset Identification and Profiling – Gaining Visibility

The process for determining and managing the risk of your websites, as well as the data they store and retrieve, is a multi-faceted one:

Asset Identification

You must identify all the website assets within your organization. This may not be an easy task, particularly within a large organization. Business units may create new websites without involving the security organization. Company acquisitions and mergers can quickly add large numbers of websites to your roster. And over time, URLs completely unrelated to the company’s brand come into use, so identifying all the relevant websites through host names alone may prove impossible.

Asset Prioritization – Risk Profiling

Once all your websites are identified, the next step is to categorize how critical each website is to the success of your business, based on several factors:

  • Does the website generate revenue?
  • Does the website store and retrieve regulated data?
  • Does the website contain any company-specific confidential data?

This information is key in determining the overall risk to the organization associated with each website. In turn, the risk determines the amount and timing of the resources that must be allocated toward each website’s security. Other factors may also be considered in determining the overall risk to the organization – for example, when was the website developed and on what platform? If a site was developed many years ago, then it was probably not developed with methodologies in place to prevent current attacks. In recent years programming platforms have been developed to automatically prevent many common website vulnerabilities. If a site was not developed on one of these platforms, then there is a greater likelihood that the site contains more of these types of vulnerabilities.

Within the year, WhiteHat Security will further assist customers with this process of risk assessment and asset prioritization by providing our own risk profile recommendations. Of course, customers can manage and adjust this profile to adhere to their own internal risk management preferences.

“Our high security standards and partnerships with WhiteHat and Imperva ensure the security of our customers’ sensitive data, and really are helping to set the standards for the industry as a whole. Our security is leaps and bounds ahead of on-premise solutions, and it's making the decision to migrate over to cloud solutions even easier for large enterprises.”

Joe White
information security architect
SuccessFactors

2010 © Copyright  |  WhiteHat Security  |  3003 Bunker Hill Lane, Santa Clara, CA 95054  |  408.343.8300  |  Contact the Webmaster