Home
Topics
Security Channel
Introductory Security Services
Do you have a planned schedule for the security assessment?

FAQ

Do you have a planned schedule for the security assessment?

About the author

Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

The volume of work requested must be scheduled rationally across the client's existing commitments, keeping in mind potential impacts on other important initiatives (e.g., ongoing database platform migrations that might interrupt testing for extended periods). Special attention should be given to the IT maintenance window schedule, if the customer requires that all testing be performed during those slots. This also aligns closely with the scope/scale of the assessment, especially where automated tools are to be used to perform numerous iterations (e.g., network vulnerability scanning across hundreds of IP addresses for dozens of vulnerabilities). Always leave a bit of padding for special access needs, such as on-site host assessments -- it always takes longer than you think to get access to target systems.

Return to the security site assessment FAQ guide and read the rest of Joel's expert answers.

More News and Tutorials

Articles

This was first published in May 2008

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

Microscope
Cloud Provider
Security
Networking
Storage
Cloud computing
Server Virtualization
Data Backup

MicroscopeUK
- HotLink helps VARs address hypervisor management
  
  Latest Silicon Valley start-up touts award-winning multi-hypervisor and hybrid cloud management product as it sets up shop in Europe
- Adobe mulls over licensing changes
  
  Adobe's CEO has indicated that it is listening to customers concerns about license payment options and might make changes
- HP looks to former Acer, Lenovo boss to run PPS
  
  Dion Weisler to run Printing and Personal Systems (PPS) after Todd Bradley gets posted to China
Cloud Provider
- Providers find value in vendor-specific cloud certifications
  
  Vendor-specific cloud certifications let providers show their technological expertise in ways independent audits can't.
- News briefs: Red Hat OpenShift Online goes live; Lenovo pushes cloud
  
  This week, Red Hat's OpenShift Online rolls out for commercial use, Lenovo enters the cloud market and NTT deploys VMware network virtualization.
- Open source vs. proprietary cloud provider platforms
  
  The choice between an open source or proprietary cloud platform plagues cloud providers, as open source platforms mature and end-user needs evolve.
Security
- Users may remain vulnerable despite Oracle Java patch release
  
  Oracle has issued a new security patch for Java, but only 7% deployed the patch before it.
- Gary McGraw: NSA data collection programs demand discussion, scrutiny
  
  Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny.
- Enterprise BYOD offers mixed bag for enterprise endpoint security
  
  A Gartner analyst says enterprise BYOD -- specifically iOS and Android devices -- presents many pros and cons for enterprise endpoint security.
Networking
- Marble Security's cloud-based mobile security service augments MDM
  
  Marble Security released its new cloud-based mobile security service that can work with MDM tools for protection of employee-owned mobile devices.
- New VMS feature enables big spines of Mellanox Ethernet ToR switches
  
  A new Layer 3-based Virtual Modular Switch feature on top-of-rack Ethernet switches from Mellanox enables large clusters for leaf-spine architecture.
- Can your existing tools juggle so many external services?
  
  You need to make sure you have the right tools to effectively monitor so many new externalized services. Expert Henry Svendblad shows you how.
searchStorage
- Imation upgrades Nexsan Assureon object-based storage archive
  
  Imation makes first product upgrade since acquiring Nexsan, delivering Assureon 7 for object-based storage archiving.
- Following Dell acquisitions, users find platform integration enticing
  
  Customers want to see the storage products Dell has gained through acquisitions better integrated with common management.
- Converged systems offer turnkey storage and server bundles
  
  Storage vendors are packaging their products with servers and networking gear to create ready-to-run converged systems. Could this be the end of best-of-breed deployments?
Cloud computing
- PaaS market heats up with Red Hat OpenShift, Savvis AppFog buy
  
  PaaS made headlines last week, but it's still difficult to gauge the true level of interest in Platform as a Service in the enterprise world.
- IBM, Salesforce deals usher in cloud consolidation era
  
  IBM's SoftLayer buy is getting mixed reviews from IT pros, but everyone agrees that it's an example of the consolidation phase of the cloud bubble.
- U.S. defense agencies' cloud transition yields better intelligence
  
  A cloud migration seems daunting but the effort is worthwhile; U.S. defense agencies say their cloud move led to better military intelligence.
Server Virtualization
- Moving VMs around? Avoid downtime with Hyper-V Live Storage Migration
  
  Live Storage Migration eliminates the downtime associated with moving VM files from one storage location to another and helps improve performance.
- RHEV proves to be a cost-effective alternative to vSphere
  
  Some IT departments have turned to low-cost, flexible virtualization platforms, such as Red Hat Enterprise Virtualization, to lower VMware costs.
- Guidelines for moving multiple VMs with Hyper-V Live Storage Migration
  
  Live Storage Migration makes it easy to move multiple storage files of running VMs without downtime, but there are practical limits you should know.
searchDataBackup
- Zetta improves DataProtect with WAN optimization
  
  Zetta adds WAN optimization to its DataProtect enterprise cloud backup and disaster recovery software.
- SMB data backup strategy must overcome data protection issues
  
  Jason Buffington discusses some of the major data protection issues an SMB must overcome in building their data backup strategy in this podcast.
- HP turns StoreOnce into virtual storage appliance
  
  Hewlett-Packard delivers virtual software appliance version of its StoreOnce deduplication technology and a scalable midrange tape library.

All Rights Reserved,Copyright 2006 - 2013, TechTarget