Network Security Illustrated


The Security Assessment
A security assessment gauges the risks facing a network and is used to select potential solutions.

You can’t manage problems if you don’t know they exist, and you can’t manage successful execution if you don’t measure deliverables. A security assessment identifies a company’s technical and organizational security fallibilities. The goal of such an assessment is to gather information in order to create or revise security policies.

No “standard” security assessment exists. It’s a process that is custom-tailored to each organization. Templates, guides, and software tools are readily available to help conduct a security assessment for any organization, and consultants who specialize in conducting security assessments can also be hired. However it is accomplished, a security assessment will vary depending upon the security goals of the organization being analyzed.

Don’t confuse security assessments with security audits. In our opinion, these are two very different concepts. The term audit refers to an established compliance procedure used to satisfy legal or regulatory obligations. An assessment is an internal initiative used to create a baseline picture of a network’s security, usually for the purpose of making improvements. It’s pointless for us to discuss audits here, because their requirements change based on industry, regulatory, and legal requirements. Recent historical events such as September 11, 2001 and the barrage of corporate accounting scandals have raised the bar significantly in terms of security requirements. Security assessments are something that every organization should periodically perform.

More Information

The above information is the start of a chapter in "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic.
