Step-by-Step Guide:

Setting your Windows security assessment expectations, step by step

29 Mar 2007 | Kevin Beaver, CISSP

Advice for securing Windows

Don't you hate it when a colleague does something to your network without telling you about it? People are often caught off guard and generally perturbed when something happens that they weren't privy to or planning on. In fact, most arguments, let-downs, misunderstandings and failures can be traced back to someone who didn't set someone else's expectations. So what does this have to do with information security? Well, everything.

I've made the mistakes myself, and I see it happening over and over again: a network administrator, internal security team or third-party consultant performs security assessments without setting the expectations of everyone involved. Everything from which systems to test, when to perform the testing, which tools to use and what deliverables to expect is often not properly communicated. This ends up causing major headaches, political problems and unnecessary business risks.

These issues are the same whether you're testing your own internal Windows-based systems or testing those of a client. Here are some key areas you can focus on to ensure everyone's expectations are properly set and security assessment-related problems are kept to a minimum.


Setting your Windows security assessment expectations

 Home: Introduction
 Step 1: Determine the business goals
 Step 2: Get input and information from others
 Step 3: Let everyone know that problems will likely occur
 Step 4: Let your testing be known and keep people in the loop
 Step 5: Report what happened

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments involving compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He also created the Security On Wheels series of audiobooks. Kevin can be reached at kbeaver@principlelogic.com.



All Rights Reserved, Copyright 2004 - 2008, TechTarget