Pau Lo
asked on
Security Assessments
Experts,
I wonder if you could provide a basic overview on what types of security assessment, audits etc you perform on your IT infrastrucuture, and how often you perform it, i.e. assess your firewall every quarter, your physical security every 6 months, your IDS 6 monthly etc etc.
We have come up with some plans to fit in security assessments of certain components of our IT infrastructure and security, to be performed by an external vendor but would just like to compare the plans to your setup.
Any pointers most welcome, and timelines on how often you assess certain parts of your IT setup, infrastructure and key systems would be most appreciated.
Regards
I wonder if you could provide a basic overview on what types of security assessment, audits etc you perform on your IT infrastrucuture, and how often you perform it, i.e. assess your firewall every quarter, your physical security every 6 months, your IDS 6 monthly etc etc.
We have come up with some plans to fit in security assessments of certain components of our IT infrastructure and security, to be performed by an external vendor but would just like to compare the plans to your setup.
Any pointers most welcome, and timelines on how often you assess certain parts of your IT setup, infrastructure and key systems would be most appreciated.
Regards
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
do you have web servers also in your IT infrastructure?
ASKER
Hi ahoffman, yes we do...
should your web applications be part off the assessment?
ASKER
Anything really specific to IT infrastructure, major web based apps (Oracle etc)... Just wanted to see other peoples IT assessment schedules as a point of reference more than anything
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks ahoffman, thanks for the tip..
I would be interesting to hear how often and what parts of your network (outside the web apps) do your company by someone in to test, i.e. every 6months?
I would be interesting to hear how often and what parts of your network (outside the web apps) do your company by someone in to test, i.e. every 6months?
I'm not used to network test (beside web apps are involved), hence cannot give valuable information, sorry.
For the network itself, a tests every 6 month and/or when the network or its components chage should be more than sufficient, IMHO.
For the network itself, a tests every 6 month and/or when the network or its components chage should be more than sufficient, IMHO.
ASKER
Thanks for the pointers ahoffman
ASKER
We do have a policy in place, it was more just to get a flavour of how accurate our policy was in terms of the assessment, and how others assess which parts of their IT infrastrucuture and how often.
Regards