
	Home > What type of security assessment does the client want?

FAQ:

EMAIL THIS

What type of security assessment does the client want?

19 May 2008 | SearchSecurityChannel.com

Digg This!

StumbleUpon

Del.icio.us

About the author

Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

There are different types of security assessments based on the role of the consultant. "Black-box" assessments assume zero knowledge on the part of the consultant and typically require more generalist security assessment skills (such as experience with network inventory and vulnerability scanning tools and techniques). "White-box" typically implies application source code review by experienced software developers (and/or automated code review tools). It may also imply access to design/specification documentation not normally available to an outsider. "Gray-box" is a hybrid of the black-box and the white-box. This information should be prepared by the client in advance of starting work.

Return to the security site assessment FAQ guide and read the rest of Joel's expert answers.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Business risk assessment and risk analysis
	Loss leaders: Security products and services to get a foot in the door
	Getting to know the NERC CIP standards
	The intersection of security and disaster recovery
	Remote vulnerability scanning: Process, roles and responsibilities
	How to perform a network security audit for customers
	Creating your checklist and Summary
	How to generate revenue from unified threat management
	Unified threat management: Migration and management techniques
	Unified threat management: An intro for solution providers
	Podcast with Dr. Paul Rohmeyer on choosing a remote management platform

Pre-assessment questions

What is the scope of the assessment?

Are there any relevant policy, compliance or third-party attestation issues?

Do you have a planned schedule for the security assessment?

What are the tangible deliverables of the security assessment?

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2006 - 2009, TechTarget \| Read our Privacy Policy