Should be done 1x per year, but preferably 1x per quarter.
- Planning – Need a written security policy, a team, and a budget to drive this. What will be audited, and are there already logs?
- Choosing the Tools – Sniffers, Vulnerability Scanners, Secure Operating System, PM Software, Network Mappers, Port Scanners
- Implementation – Basically the Penetration Test part of this.
- Reporting – The outcome of previous tests. Reporting could be integrated into the tool or handled by separate software.
- Assessment and Re-Design – Assess the success of the audit, locate and reveal areas of vulnerability, and implement solutions.