Performing a Security Review

A security review should be done once per year, but preferably once per quarter.

  • Planning – Requires a written security policy, a team, and a budget to drive the review. Decide what will be audited and whether logs already exist.
  • Choosing the Tools – Sniffers, Vulnerability Scanners, Secure Operating System, PM Software, Network Mappers, Port Scanners
  • Implementation – Essentially the penetration-test part of the review.
  • Reporting – The outcome of previous tests. Reporting could be integrated into the tool or handled by separate software.
  • Assessment and Re-Design – Assess the success of the audit, locate and reveal areas of vulnerability, and implement solutions.