Security Assessments

Experts,

I wonder if you could provide a basic overview on what types of security assessment, audits etc you perform on your IT infrastructure, and how often you perform it, i.e. assess your firewall every quarter, your physical security every 6 months, your IDS 6 monthly etc etc.

We have come up with some plans to fit in security assessments of certain components of our IT infrastructure and security, to be performed by an external vendor but would just like to compare the plans to your setup.

Any pointers most welcome, and timelines on how often you assess certain parts of your IT setup, infrastructure and key systems would be most appreciated.

Regards
pma111Asked:
 
ahoffmannCommented:
Web based assessments are very different to traditional network security tests.
There aren't many tools for that; most tests need to be done manually by experienced people.
If someone offers security testing including web apps, and then hands over a beautified Nessus or Nmap report, you can be sure that it's not worth reading (except for your amusement :).

Just my 2 pence about pen testing web apps.
 
Kamran Arshad (IT Associate) Commented:
Hi,

You need to put an IT security policy in place, which includes assessment as well. There are many security policy templates available on the Internet. A few are as below:

www.sans.org/resources/policies/ 
www.ruskwig.com/security_policies.htm
www.dir.state.tx.us/security/policies/templates.htm
www2.wlv.ac.uk/its/everyone/projects_and_policies/info_security_policy.pdf
www.altiusit.com/policies.htm
 
pma111Author Commented:
Hi uetian1707:

We do have a policy in place; it was more just to get a flavour of how accurate our policy was in terms of the assessment, and how others assess which parts of their IT infrastructure and how often.

Regards
 
ahoffmannCommented:
do you have web servers also in your IT infrastructure?
 
pma111Author Commented:
Hi ahoffman, yes we do...
 
ahoffmannCommented:
Should your web applications be part of the assessment?
 
pma111Author Commented:
Anything really specific to IT infrastructure, major web based apps (Oracle etc)... Just wanted to see other people's IT assessment schedules as a point of reference more than anything.
 
pma111Author Commented:
Thanks ahoffman, thanks for the tip..

It would be interesting to hear how often, and for what parts of your network (outside the web apps), your company brings someone in to test, i.e. every 6 months?
 
ahoffmannCommented:
I'm not used to network tests (except where web apps are involved), hence cannot give valuable information, sorry.

For the network itself, a test every 6 months and/or when the network or its components change should be more than sufficient, IMHO.
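The rule in the comment above (reassess on a fixed interval, and also whenever the network or a component changes) is easy to lose track of once an inventory has more than a handful of items. The following is an added example, not code from the original thread or from any participant; it encodes that rule as a due-date check over a small constructed inventory. The component names, intervals and dates are placeholders chosen for illustration, not anyone's real schedule.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass
class Component:
    name: str
    interval_days: int            # assessment interval taken from the policy
    last_assessed: date           # date of the last completed assessment
    last_changed: Optional[date] = None   # last material change: rule change, upgrade, new host


def due_reason(c: Component, today: date) -> Optional[str]:
    """Return why the component is due for assessment, or None if it is not.

    Two triggers, checked in order:
      1. a material change since the last assessment (change-driven reassessment);
      2. the policy interval has elapsed since the last assessment (scheduled reassessment).
    """
    if c.last_changed is not None and c.last_changed > c.last_assessed:
        return "changed on %s after last assessment on %s" % (c.last_changed, c.last_assessed)
    next_scheduled = c.last_assessed + timedelta(days=c.interval_days)
    if today >= next_scheduled:
        return "interval of %d days elapsed (was scheduled for %s)" % (c.interval_days, next_scheduled)
    return None


def assessments_due(inventory: List[Component], today: date) -> List[Tuple[str, str]]:
    """Return (name, reason) for every component that is due, in inventory order."""
    due = []
    for c in inventory:
        reason = due_reason(c, today)
        if reason is not None:
            due.append((c.name, reason))
    return due


# Constructed inventory: intervals and dates are hypothetical, picked to show both triggers.
INVENTORY = [
    Component("firewall", 90, date(2010, 1, 15), last_changed=date(2010, 4, 2)),   # rulebase changed
    Component("ids", 180, date(2010, 3, 1)),                                        # not yet due
    Component("physical", 180, date(2009, 10, 1)),                                  # interval elapsed
    Component("webapp", 365, date(2009, 9, 1), last_changed=date(2009, 8, 20)),     # change predates assessment
]
TODAY = date(2010, 6, 1)   # fixed "today" so the output is reproducible

if __name__ == "__main__":
    for name, reason in assessments_due(INVENTORY, TODAY):
        print("%-10s due: %s" % (name, reason))
```

The change trigger is deliberately checked before the interval so that a component that has both changed and overrun its interval is reported for the change, which is the finding a vendor scoping the reassessment actually needs. A change that happened before the last assessment (the `webapp` entry) does not retrigger anything.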
 
pma111Author Commented:
Thanks for the pointers ahoffman