Ask the Expert

How to select a set of network security audit guidelines

Are there certain types of information or sources of information I should look for when I do a network security audit that most people overlook?

    Requires Free Membership to View

The single most important piece of advice that I can offer you is this: Select a solid security audit standard or set of standards that you will audit against, and advise the auditee of the standard(s) well in advance of the audit. This ensures a level playing field and prevents the subject of the audit from crying foul when you examine something they didn't expect.

As far as overlooked information sources, I normally refer to two sources when preparing materials for a network security audit. The Center for Internet Security has a wonderful selection of security standards that can be adapted to suit the purposes of your audit. Second, the Payment Card Industry Data Security Standard (PCI DSS) offers a great set of general security requirements that can be used for any audit, even if you're not involved in credit card processing.

For more information:

This was first published in June 2009

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: