Get started Bring yourself up to speed with our introductory content.

Do you have a planned schedule for the security assessment?

Before conducting a security site assessment, you need to determine when you'll do it. Learn what factors to consider when planning your schedule.

About the author
Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

The volume of work requested must be scheduled rationally across the client's existing commitments, keeping in mind potential impacts on other important initiatives (e.g., ongoing database platform migrations that might interrupt testing for extended periods). Special attention should be given to the IT maintenance window schedule, if the customer requires that all testing be performed during those slots. This also aligns closely with the scope/scale of the assessment, especially where automated tools are to be used to perform numerous iterations (e.g., network vulnerability scanning across hundreds of IP addresses for dozens of vulnerabilities). Always leave a bit of padding for special access needs, such as on-site host assessments -- it always takes longer than you think to get access to target systems.

This was last published in May 2008

Dig Deeper on Introductory Security Services

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.