Ask the Expert

Test a security architecture design without an IT security consultancy

As a security manager, what are the best strategies or tips to take a step back and try to look at our organization's security posture from an outsider's perspective? I'm not interested in spending money on consultants or pen-testing, but I'd like to try to do a better job of looking at our strategy from a distance or impartially. Any advice?

    Requires Free Membership to View

This can be very tricky. One of the huge benefits of consultants is that they can look at an environment from a different perspective, or at least with a fresh set of eyes.

As consultants are not an option, though, there are a couple of things you can do. One is look at other deployments being publicly discussed and compare and contrast them with your own environment. This allows you to compare your enterprise with those of your peers and identify possible ways of improving things.

Alternately, go through a thought exercise in which you redesign the environment to your dream specifications, as if cost or business concerns didn't interfere. You can then again compare what you'd have in an ideal world with what you have today and see if any of the differences are ones you can implement.

A third option is to hand your architectures to members of your own team or a related team (someone from networking or servers or engineering, for example) and ask how they'd do things differently.

For more information:

This was first published in January 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: