Security Basics mailing list archives

Re: Why Security testing is required


From: "Fralick, Alan" <Alan.Fralick () amvescap com>
Date: Tue, 24 Feb 2004 13:58:25 -0600

The point below is valid but the real "Why" is that all the world is
dynamic.
#1. Intended and documented network changes are constantly occurring by
design as you add PCs, Servers, Users, applications, network connections or
entire networks.
#2. Unintended or undocumented network changes occur. This may be due to
failure to capture/document changes or from unauthorized changes.
#3. New vulnerabilities are discovered which require changes to security,
which require testing.
#4. New threats are developed for existing vulnerabilities that may increase
risks and warrant more security changes.

Alan Fralick
--------------------------
Alan Fralick
AMVESCAP Retirement
IT Operations Manager
(o) 404-879-3572
(m) 404-409-3100
alan.fralick () amvescap com

-----Original Message-----
From: Raoul Armfield <armfield () amnh org>
To: 'Matt Lyon' <themattlyon () hotmail com>; security-basics () securityfocus com
<security-basics () securityfocus com>
Sent: Mon Feb 23 13:31:49 2004
Subject: RE: Why Security testing is required

You could compare it to checking all the doors and windows to make sure
that they are locked before leaving the house or going to bed.   Just
because you have doors, windows and locks you do not assume that your
house is secure.  Same with your network.  You periodically need to make
sure that everything is up to par.

Raoul  

:-----Original Message-----
:From: Matt Lyon [mailto:themattlyon () hotmail com] 
:Sent: Thursday, February 19, 2004 9:07 PM
:To: security-basics () securityfocus com
:Subject: RE: Why Security testing is required
:
:>>Hi List,
:>
:>As a non technical person I want to know why security testing is required
:>when all security systems like Firewall, IDS and content management are in
:>place.
:>
:>This is a very basic question but I want to know answers from different
:>users point of view like:-
:>
:>1.    system Administrator
:>2.    system Manager
:>3.    User
:>4.    CEO of the company
:>
:>Thanks in advance.
:>
:>NKP
:>
:
:Because you can't assume the infallibility of those systems. An employee
:could introduce a hole and not know it thus leaving your whole system
:vulnerable.
:
:IMHO the hardest part of keeping a network secure is limiting the human
:factor.