The Best Damn IT Security Management Book Period

Part 2: Network Security Evaluation

Chapters List

Chapter 12: Introducing the INFOSEC Evaluation Methodology
Chapter 13: Before the Evaluation Starts
Chapter 14: Setting Expectations
Chapter 15: Scoping the Evaluation
Chapter 16: Legal Principles for Information Security Evaluations
Chapter 17: Building the Technical Evaluation Plan
Chapter 18: Starting Your Onsite Efforts
Chapter 19: Network Discovery Activities
Chapter 20: Collecting the Majority of Vulnerabilities
Chapter 21: Fine-Tuning the Evaluation
Chapter 22: The Onsite Closing Meeting
Chapter 23: Post-Evaluation Analysis
Chapter 24: Creating Measurements and Trending Results
Chapter 25: Trending Metrics
Chapter 26: Final Reporting
Chapter 27: Summing Up the INFOSEC Evaluation Methodology

Introduction

Security providers around the world have been trying for years to engineer an effective means for conducting technical evaluations that is meaningful to the customer. For too long, we've seen fly-by-night consulting companies walk into a customer organization, run a security vulnerability scanner, print out the default application report (after replacing the logo), and present that to the customer as the final deliverable. Although the initial paper factor of this type of work might be impressive to the uneducated customer, once they start digging into the actual contents of the report and trying to understand how it applies to their organization, they normally discover that this level of service is lacking.

Until recently, the use of a repeatable, structured, and flexible methodology to provide these services was on a per-company basis. Customers could never really be sure what to expect when they asked for a security evaluation. Would it be a penetration test? A...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Trending and Historian Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.