Security Basics mailing list archives
Re: Why Security testing is required
From: "Fralick, Alan" <Alan.Fralick () amvescap com>
Date: Tue, 24 Feb 2004 13:58:25 -0600
The point below is valid but the real "Why" is that all the world is dynamic. #1. Intended and documented network changes are constantly occuringing by design as you add PCs, Servers, Users, applications, network connections or entire networks. #2. Unintended or undocumented network changes occur. This may be do to failure to capture/document changes or from unauthorized changes. #3 New vulnerablities are discovered which require changes to security, which require testing. #4. New threats are developed for existing vulnerabilities that may increase risks and warrant more security changes. Alan Fralick -------------------------- Alan Fralick AMVESCAP Retirement IT Operations Manager (o) 404-879-3572 (m) 404-409-3100 alan.fralick () amvescap com -----Original Message----- From: Raoul Armfield <armfield () amnh org> To: 'Matt Lyon' <themattlyon () hotmail com>; security-basics () securityfocus com <security-basics () securityfocus com> Sent: Mon Feb 23 13:31:49 2004 Subject: RE: Why Security testing is required You could compare it to checking all the doors and windows to make sure that they are locked before leaving the house or going to bed. Just because you have doors, windows and locks you do not assume that your house is secure. Same with your network. You periodically need to make sure that everything is up to par. Raoul :-----Original Message----- :From: Matt Lyon [mailto:themattlyon () hotmail com] :Sent: Thursday, February 19, 2004 9:07 PM :To: security-basics () securityfocus com :Subject: RE: Why Security testing is required : : : : :>>Hi List, :> :>As a non technical person I want to know why security testing :is required :>when all security systems like Firewall, IDS and content :management are in :>place. :> :>This is a very basic question but I want to know answers from :different :>users point of view like:- :> :>1. system Administrator :>2. system Manager :>3. User :>4. CEO of the company :> :>Thanks in advance. :> :>NKP :> : :Because you can't assume the infalibility of those systems. An :employee :could introduce a hole and not know it thus leaving your whole system :vulnerable. : :IMHO the hardest part of keeping a network secure is limiting :the human :factor. : :_________________________________________________________________ :Take off on a romantic weekend or a family adventure to these :great U.S. :locations. http://special.msn.com/local/hotdestinations.armx : : :--------------------------------------------------------------- :------------ :Free trial: Astaro Security Linux -- firewall with Spam/Virus :Protection : :Protect your network with the comprehensive security solution that :integrates six applications for ease of use and lower TCO. : :Firewall - Virus protection - Spam protection - URL blocking - VPN :- Wireless security. : :Download 30-day evaluation at: :http://www.securityfocus.com/sponsor/Astaro_security-basics_040219 :--------------------------------------------------------------- :------------- : : --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_security-basics_040219 ---------------------------------------------------------------------------- ----------------------------------------- Confidentiality Note: The information contained in this message, and any attachments, may contain confidential and/or privileged material. It is intended solely for the person or entity to which it is addressed. Any review, retransmission, dissemination, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Why Security testing is required, (continued)
- Re: Why Security testing is required Rishi Pande (Feb 24)
- Re: Why Security testing is required steve (Feb 24)
- most that can happan (was Re: Why Security testing is required Meritt James (Feb 25)
- RE: Why Security testing is required David Gillett (Feb 24)
- Re: Why Security testing is required Byron Sonne (Feb 24)
- Re: Why Security testing is required captgoodnight (Feb 24)
- RE: Why Security testing is required Navaneetharangan (Feb 26)
- Re: Why Security testing is required Meritt James (Feb 26)
- RE: Why Security testing is required Navaneetharangan (Feb 26)
- RE: Why Security testing is required Raoul Armfield (Feb 24)
- RE: Why Security testing is required Steve (Feb 24)
- Re: Why Security testing is required Fralick, Alan (Feb 25)
- RE: Why Security testing is required Ryan Cornelsen (Feb 27)
- Re: Why Security testing is required Rishi Pande (Feb 24)