Home > Are required tools and people available to complete work on schedule?
FAQ:
EMAIL THIS

Are required tools and people available to complete work on schedule?

19 May 2008 | SearchSecurityChannel.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

About the author
Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

Licensing for any software tools should be obtained specific to client. For example, commercial security vulnerability scanning tools typically require license keys specifically tailored to client IP addresses and/or URLs. Some of the more common tools used in security assessments include network scanners, Web application scanners, host assessment scripts, database analysis software, wireless access point detection gear, fuzzers and source/binary code review software. Specialists/technicians should be available as scheduled to perform their work so that downstream dependencies don't have to wait (e.g., the SQL expert should schedule his analysis so that the dependent Web application security review can also be completed in a timely manner).

Return to the security site assessment FAQ guide and read the rest of Joel's expert answers.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Security Risk Analysis and Risk Management
How to perform a network security audit for customers
How to generate revenue from unified threat management
Unified threat management: Migration and management techniques
Unified threat management: An intro for solution providers
Podcast with Dr. Paul Rohmeyer on choosing a remote management platform
Have you created a map of the to-be architecture?
How will you leverage the remote management platform architecture to demonstrate controls effectiveness?
How does the remote management platform complement your existing architecture?
What is your business and what are the data risks?
How will you monitor for unknown threats with the remote management system?

More resources
Checklist: Top five security assessment tools
Nmap Tutorial: How to use the open source network scanner
Nessus Tutorial: Using the open source vulnerability scanning tool

Assessment questions
Has a kick-off meeting been held for the security site assessment?
Have access credentials, documentation and training been provided?
What is the proper methodology for security site assessments?
How to guarantee customer satisfaction after a security assessment?

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


HomeNewsTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts