RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners
- To: "Starford, Christopher D." <CHRISTOPHER.D.STARFORD@xxxxxxxx>
- Subject: RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners
- From: Harlan Carvey <keydet89@xxxxxxxxx>
- Date: Wed, 28 Apr 2004 13:04:33 -0700 (PDT)

And you know something, Chris...that's fine. Really.

I just left a position in the private sector w/ a
company that was audited over a dozen times a year by
various customers. Even their external auditors (ie,
*not* customers) were clueless when it comes to IT or
security. One audit did include a knowledgeable
security professional on staff...but just one.

But there's also another way to look at the original
comment...security is a process. Running a
vulnerability scanner isn't a process...it's a
point-in-time check, a snapshot. A good IT security
auditor won't focus on the fact that certain systems
have vulnerabilities...he or she will focus on *why*
they have the vulnerabilities.

> I believe many true IT Security Auditors out there
> would agree that you're wrong on this one.
>
> > -How will I ever pass my IT Security Audits?
> >
> > Don't worry about it...most audits don't seem to have
> > an IT background, and even when they do, they don't
> > take the time to understand your business processes or
> > your network infrastructure.