Risk management involves the measuring and/or assessing of risk and the development of strategies to manage that risk. In a computer system, risk management involves preventing and addressing malicious attacks as well as adversarial actions taken unknowingly that may corrupt normal operations. Known technologies for risk management of computer systems are described as follows.
Network Access Protection (NAP) determines machine (operating system) health (that is, whether the machine meets specified security requirements) prior to admitting it on a network. The determination may be performed after various events, including: at connect, authentication or re-authentication, during IP configuration of the machine, and/or when there is a change to the software state of the machine such as when an update is applied. For example, in the case of Dynamic Host Configuration Protocol (DHCP), NAP processing may occur at IP configuration times, including renewal or reconfiguration. In the case of 802.1x, NAP processing may occur at authorization and reauthorization times. In the NAP model, a NAP agent on the machine checks the health of a machine, captures its findings in a statement of health or bill of health (SOH/BOH), and sends the same to a NAP server or end station, respectively. If the NAP server or end station determines the machine to be unhealthy, it is put on a restricted network or the connection is not allowed until the machine gets patched appropriately.
Microsoft Baseline Security Analyzer (MBSA) is a tool designed for IT professionals that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations. MBSA provides Host Vulnerability Assessment (HVA). HVA may be used for checking vulnerabilities in the machine and generating a report for an administrator's benefit. The administrator may analyze the reported vulnerabilities in the machine to determine the risk the machine and the network is under. The administrator may then take appropriate actions to mitigate or fix the vulnerabilities in order to reduce the risk. Alternatively, such action may be taken automatically in accordance with security policy on the machine.
Other technologies, including anti-malware and intrusion detection/prevention technologies, guard against infiltration attempts by malware and may check for the presence of malware on the machine. When malware is discovered, these technologies may take preventative action of blocking, quarantining, or cleaning the malware.