I agree about the need for regular network security audits. What I think is as important is a rethink of the existing network security policy.
The last time the department network security policy was looked was when a fast talking consultant dumped a colorful network security policy binder on your boss's desk (where it still resides,unopened!)
I think we needed to re look at the network security policy, adapt to industry changes and communicate better to developers on network security policy.
Gary
http://www.data-recovery-reviews.com/internetnetwork-security-policy.htm
Discussion on:
View:
Show:
Policies need reviewing every few years as things change so updates are required to keep them current and they then need to be communicated to the entire organization. Security does not work if everyone is not aware ot what it is or what they should be doing.
As fas as audting your network, this requires a qualified objective person who is either oustide the group or organization.
Lastly be prepared when you go through your first audit, it will be painful and do not be surprised by the number of issues found.
As fas as audting your network, this requires a qualified objective person who is either oustide the group or organization.
Lastly be prepared when you go through your first audit, it will be painful and do not be surprised by the number of issues found.
A read of this report might help:
http://csrc.nist.gov/publications/nistpubs/800-47/sp800-47.pdf
http://csrc.nist.gov/publications/nistpubs/800-47/sp800-47.pdf
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
