Solved

Security Assessments

Posted on 2009-05-05
10
502 Views
Last Modified: 2012-05-06
Experts,

I wonder if you could provide a basic overview on what types of security assessment, audits etc you perform on your IT infrastrucuture, and how often you perform it, i.e. assess your firewall every quarter, your physical security every 6 months, your IDS 6 monthly etc etc.

We have come up with some plans to fit in security assessments of certain components of our IT infrastructure and security, to be performed by an external vendor but would just like to compare the plans to your setup.

Any pointers most welcome, and timelines on how often you assess certain parts of your IT setup, infrastructure and key systems would be most appreciated.

Regards
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 32

Assisted Solution

by:Kamran Arshad
Kamran Arshad earned 150 total points
ID: 24311802
Hi,

You need to place the IT Security Policy which includes assessment as well. There are many security policy templates available on Internet. A few are as below;

www.sans.org/resources/policies/ 
www.ruskwig.com/security_policies.htm
www.dir.state.tx.us/security/policies/templates.htm
www2.wlv.ac.uk/its/everyone/projects_and_policies/info_security_policy.pdf
www.altiusit.com/policies.htm
0
 
LVL 3

Author Comment

by:pma111
ID: 24311940
Hi uetian1707:

We do have a policy in place, it was more just to get a flavour of how accurate our policy was in terms of the assessment, and how others assess which parts of their IT infrastrucuture and how often.

Regards
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 24311959
do you have web servers also in your IT infrastructure?
0
Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

 
LVL 3

Author Comment

by:pma111
ID: 24312153
Hi ahoffman, yes we do...
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 24312264
should your web applications be part off the assessment?
0
 
LVL 3

Author Comment

by:pma111
ID: 24315586
Anything really specific to IT infrastructure, major web based apps (Oracle etc)... Just wanted to see other peoples IT assessment schedules as a point of reference more than anything
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 350 total points
ID: 24316044
web based assessments are very different to traditional network security tests.
There're not much tools for that, most tests need to be done manually from experienced people.
If someone offers security testing including web apps, and then hands over a beautified nessus or nmap report, you could be sure that it's not worth reading it (except for your amusement:).

Just my 2 pence about pen testing web apps.
0
 
LVL 3

Author Comment

by:pma111
ID: 24333786
Thanks ahoffman, thanks for the tip..

I would be interesting to hear how often and what parts of your network (outside the web apps) do your company by someone in to test, i.e. every 6months?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 24333971
I'm not used to network test (beside web apps are involved), hence cannot give valuable information, sorry.

For the network itself, a tests every 6 month and/or when the network or its components chage should be more than sufficient, IMHO.
0
 
LVL 3

Author Comment

by:pma111
ID: 24334145
Thanks for the pointers ahoffman
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question