Home
Topics
IT security
IT risk management
Windows security assessment Step 3

Windows security assessment Step 3

Speaking of trouble, it's pretty much guaranteed that something unplanned is going to happen during your testing. This is arguably the most important yet most overlooked area of performing security assessments. Windows accounts may get locked, services may stop responding or the business Internet connection may slow to a crawl. You could accidentally schedule your testing tools to run scans at the wrong times. You may even have trouble using one of your security tools that delays the testing and throws the entire testing window off.

Don't let the words, "It'll be all right," become forever branded onto your name or career. It's better to tell people up front that stuff like this may very well come up. They'll know to be on the lookout and won't get caught off guard.

Setting your Windows security assessment expectations

Home: Introduction
Step 1: Determine the business goals
Step 2: Get input and information from others
Step 3: Let everyone know that problems will likely occur
Step 4: Let your testing be known and keep people in the loop
Step 5: Report what happened

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments involving compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He also created the Security On Wheels series of audiobooks. Kevin can be reached at kbeaver@principlelogic.com.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Read More

Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK

This was first published in March 2007

COMMENTS powered by Disqus // Commenting policy

More from Related TechTarget Sites

CIO
Security
Networking
Data Center
Data Management

CIO
- Amid school budget cuts, CIO combines cost savings with innovation
  
  Amid budget cuts, a Florida school district CIO earns high marks for innovations that shore up and improve IT while saving money.
- Students-first mentality drives IT innovation at Athabasca University
  
  CIO Brian Stewart put students first in an overhaul of IT systems at Athabasca University. Read more about this IT Leadership Awards finalist.
- Consistent cybersecurity training a must to meet evolving threats
  
  In this week's Searchlight: bold new threats highlight need for cybersecuity training, why big data requires soft skills, cloud confusion and more.
Security
- Using network flow analysis to improve network security visibility
  
  To overcome network security issues from advanced attackers and BYOD, security professionals are turning to network flow analysis to gain improved network security visibility.
- Sourcefire updates malware detection, malware analysis capabilities
  
  New features for detecting and analyzing malware in Sourcefire's FireAMP and FirePOWER products supplement flagging signature-based antimalware.
- Goals for how to become a CISO if you're a security technologist
  
  Security technologists aspiring to become CISOs must develop a variety of business skills, as Joe Granneman explains in this Ask the Expert Q&A.
Networking
- WAN optimizer form factor differences don't dictate superiority
  
  The WAN optimization Magic Quadrant reveals different WAN optimizer form factors are helping to better match evolving enterprise requirements.
- Using big data analysis to harness your network operations
  
  Big data is all the craze, but analyzing big data intelligently can help network administrators pinpoint potential problems.
- Troubleshooting network problems with good governance and design
  
  Packet loss, oversubscription, unpatched and inconsistent switch software still plague enterprise networks. Find out how engineers are fighting back.
Data Center
- Data center technologies evolve to meet tomorrow's computing demands
  
  VMware's upcoming public cloud and AMD's 64-bit ARM servers are technologies for the data center that exemplify the changes in the IT industry.
- New data center cooling strategies to improve efficiency, lower costs
  
  Stagnant strategies for data center cooling will keep energy bills climbing ever higher, but a more modern approach can bring them back down to earth.
- Converged systems usher in data center transformation
  
  The rise of converged systems has brought a new level of manageability to the data center, but these integrated offerings have a few drawbacks.
Data Management
- New BI stack tackles data load at Boston Children's Hospital
  
  Boston Children's Hospital upgraded its business intelligence architecture to boost enterprise reporting, a move that also required retraining users.
- Expanded Hadoop use cases will drive need for new enterprise features
  
  With user interest rising, Hadoop vendors are trying to pave a path to higher adoption with add-ons that target issues holding the technology back.
- Jim Goodnight on SAS in-memory analytics and the data scientist
  
  A podcast Q&A with SAS execs Jim Goodnight and Jim Davis looks at big data enablers, including in-memory analytics, and the role of data scientists.

All Rights Reserved,Copyright 2000 - 2013, TechTarget