Security Basics mailing list archives

Re: Why Security testing is required


From: "steve" <securityfocus () delahunty com>
Date: Tue, 24 Feb 2004 12:59:13 -0500

One more "point of view" to add would be that of auditors.

Another reason to test security is to see if you have implemented systems
that enforce your policies.  So reverse engineer your written policies and
test.  For instance, are you blocking EXE attachments if that is your
policy, are you blocking PORN websites if that is your policy, does your
firewall prohibit incoming SQL port 1433 if that is your policy, and so forth.


----- Original Message ----- 
On Feb 19, 2004, at 9:07 PM, Matt Lyon wrote:




Hi List,

As a non technical person I want to know why security testing is required
when all security systems like Firewall, IDS and content management are in
place.

This is a very basic question but I want to know answers from different
users point of view like:-

1. system Administrator
2. system Manager
3. User
4. CEO of the company

Thanks in advance.

NKP


Because you can't assume the infallibility of those systems. An
employee could introduce a hole and not know it thus leaving your
whole system vulnerable.

IMHO the hardest part of keeping a network secure is limiting the
human factor.
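
An added example, not part of the original thread, of the "reverse engineer your written policies and test" approach from steve's message: each written policy statement becomes an automated check run against the deployed configuration. The ruleset, mail-filter setting, source address and all function names here are constructed for illustration.

```python
import ipaddress

# Constructed inbound ruleset, first match wins (hypothetical, not a real device export).
RULES = [
    ("allow", "tcp", "0.0.0.0/0", 443, 443),
    ("allow", "tcp", "10.0.0.0/8", 1433, 1433),   # internal SQL clients only
    ("allow", "tcp", "0.0.0.0/0", 1024, 65535),   # overly broad "high ports" rule
    ("deny",  "any", "0.0.0.0/0", 0, 65535),
]
BLOCKED_EXT = {".exe"}  # constructed mail-filter setting

def firewall_decision(rules, proto, src_ip, dport):
    """Return the action of the first rule matching the packet; default deny."""
    src = ipaddress.ip_address(src_ip)
    for action, r_proto, r_src, lo, hi in rules:
        if (r_proto in ("any", proto)
                and src in ipaddress.ip_network(r_src)
                and lo <= dport <= hi):
            return action
    return "deny"

def attachment_blocked(filename, blocked=BLOCKED_EXT):
    """Mail-filter model: block on the final extension, case-insensitively."""
    name = filename.strip().lower()
    return any(name.endswith(ext) for ext in blocked)

def policy_checks(rules):
    """Each written policy statement paired with a check that is True when enforced."""
    external = "203.0.113.10"  # TEST-NET-3 address standing in for an Internet host
    return [
        ("Incoming SQL port 1433 is prohibited",
         lambda: firewall_decision(rules, "tcp", external, 1433) == "deny"),
        ("EXE attachments are blocked",
         lambda: all(attachment_blocked(n) for n in ("setup.exe", "INVOICE.PDF.EXE"))),
    ]

def audit(rules):
    """Run every check; return the policy statements that are NOT enforced."""
    return [desc for desc, check in policy_checks(rules) if not check()]

if __name__ == "__main__":
    for failed in audit(RULES):
        print("POLICY NOT ENFORCED:", failed)
```

With the constructed ruleset the audit reports the port 1433 policy as not enforced, because the broad high-ports rule matches before the final deny.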



