Avoiding security assessment mistakes

There are many mistakes one can make, and many people do make, that leave weaknesses in your network. Protect your network further by avoiding these five security assessment mistakes.

There's a mind-set that as long as security testing is performed, even if only every year or two, all will be safe and sound. This is a dangerous assumption and mode of operation, yet many network admins and managers still live and work by it. Security flaws come and go, and given the complexity of today's networks and applications and the information scattered across them, more flaws are coming than going. Developing a sustainable and repeatable process for testing your systems is not only the smart business thing to do; it's also the only way you're going to stay ahead of the curve and keep your Windows systems protected.

Remember: High-level checklist audits, which so many people put their faith in, are not enough. You've got to dig in, way in, and test everything using both automated tools and manual techniques from the bad guys' perspective to see what's really at risk. Look for both technical and operational security weaknesses. Never assume that all's well. Even if it appears to be, odds are there's a hole somewhere on your network that can and will be exploited by someone with malicious intent.

Security assessments and five mistakes to avoid

Home: Introduction
Step 1: Relying on audit checklists and automated tools
Step 2: Not considering the side effects of your tests
Step 3: Not looking at the whole picture
Step 4: Spending too much time trying to fix everything
Step 5: Assuming testing once is enough

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored or co-authored six books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at [email protected].
