Tips for Successful IT Security Assessments

By Kevin Beaver

Part of Hacking For Dummies Cheat Sheet

Successful security assessments are what protect your systems from hacking. Whether you’re performing security tests against your own systems or against those of a third party, you must be prudent and pragmatic to succeed. These tips will help you succeed in your role as an information security professional:

  • Set goals and develop a plan before you get started.

  • Get permission to perform your tests.

  • Have access to the right tools for the tasks at hand.

  • Test at a time that’s best for the business.

  • Keep the key players in the loop during your testing.

  • Understand that it’s not possible to detect every security vulnerability on every system.

  • Study malicious hacker and rogue insider behaviors and tactics. The more you know about how the bad guys work, the better you’ll be at testing your systems for security vulnerabilities.

  • Don’t overlook nontechnical security issues; they’re often exploited first.

  • Make sure that all your testing is aboveboard.

  • Treat other people’s confidential information at least as well as you would treat your own.

  • Bring vulnerabilities you find to the attention of management and implement the appropriate countermeasures as soon as possible.

  • Don’t treat every vulnerability discovered in the same manner. Not every weakness is a serious risk. Evaluate the context of each issue found (what it exposes, how reachable it is, and what else protects it) before you declare that the sky is falling.

  • Show management and customers that security testing is good business and you’re the right professional for the job. Security assessments are an investment to meet business goals, find what really matters, and comply with the various laws and regulations — not about silly hacker games.