InfoWorld - Security Adviser: Secure or not? 10 spot checks will tell you

/Home/Internet Security: Blogs/Internet Security: InfoWorld blog/InfoWorld: Security Adviser 2012

You don't need a high-powered consultant to determine whether your security sucks. Try this simple checklist instead

By Roger A. Grimes
JULY 17, 2012

I don't know about you, but I can tell in about a minute how much someone I've just met knows about computers, networks, and security. It's in what they say, how they respond, and what they think about particular subjects. I bet most of you can do the same. And like me, I bet you've found these first impressions to be surprisingly accurate.

The same snap judgement occurs when I'm asked to perform a thorough security survey of a network or company. Although my professional checklists run to hundreds of items, I normally go through a handful when I first arrive on site, which gives me a fairly accurate indicator of the network's overall health.

My average security review lasts from one to four weeks, depending on the scope and the details required. My reports are often 40 to 80 pages long. But the reality is that I can make a pretty accurate prediction of what that final report will look like by checking just 10 items:

Click the URL above to read the full article