Pen Test teams are not a solution for providing security. While
many companies do pen tests ('proof-of-concept' in a sense) and
vulnerability analyses (snapshots of security posture at a point
in time), to ensure that one keeps the bar high enough, it is much
more important to develop security policies and procedures.

From these documents, one can define roles, responsibilities and
the procedures to be followed with regards to machine patching,
granting of access, incident handling, et al.

Without these documents and a decent architecture definition, it
is difficult to implement a secure environment. It is also important
that the security posture of the organisation accurately reflects
the value of its information assets. Only once this type of
infrastructure is in place can one move forward.

In any case, good luck with your work.

Take care,
  Andrew
-
Andrew Thomas
office: +27 21 4889820
facsimile: +27 21 4889830
mobile: +27 82 7850166
 "One trend that bothers me is the glorification of
stupidity, that the media is reassuring people it's 
alright not to know anything. That to me is far more 
dangerous than a little pornography on the Internet." 
  - Carl Sagan

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 13, 2001 12:24 PM
> Subject: RE: Network Scanning Recommendations

> However, if you want some level of assurance that will enable you to
> sleep at night then I would advise that you find yourself a good
> penetration Testing Team.
> 
> Liam.