Security Basics mailing list archives

Audit Framework


From: JSZ <jszbug () gmail com>
Date: Sat, 08 Oct 2005 10:57:18 -0400

Hello all-

My company has recently asked me to perform a high-level security audit of a potential ASP partner. If we were to outsource to this provider they would be responsible for a large amount of proprietary customer and associated data.

I was wondering if anyone has pointers to an audit methodology and associated risk rankings from which I can base my audit.

The following is a list of items that I plan to cover during the audit:

- Network Access Control

- OWASP top 10 and associated development practices

- Firewall / IDS configuration

- Source code mgmt

- Change management

- General policies and procedures

- Employee Term Process

- Remote access process

- Password management

- Security training

- Proper use of encryption

- Wireless use (WEP/WPA etc..)

- Scanning for rogue APs

- Patch mgmt

- Log correlation

- Server config / lockdown

- Desktop policy



Any help is appreciated…



JSZ
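One way to turn a checklist like the one above into the "associated risk rankings" the post asks for, as an added example that is not part of JSZ's post or any methodology it references: each audit area gets an assessor-assigned control maturity (0 = absent, 4 = optimised) and an impact weight (1 to 5) reflecting how much the outsourced customer data depends on that control. The gap score is (4 - maturity) * impact, and areas are ranked by it. The band thresholds and every rating in the sample table are constructed assumptions for illustration, not findings about any real provider.

```python
"""Minimal risk-ranking sheet for the audit areas listed in the post.

Added example, not code from the post.  All ratings and thresholds below
are constructed sample values; adjust them to the engagement."""

from dataclasses import dataclass

MAX_MATURITY = 4  # assessed control maturity runs 0..4


@dataclass(frozen=True)
class ControlArea:
    name: str
    impact: int    # 1..5, weight from the sensitivity of the data the control protects
    maturity: int  # 0..4, assessed during the audit

    def __post_init__(self):
        # Reject out-of-range ratings so a typo cannot silently skew the ranking.
        if not 1 <= self.impact <= 5:
            raise ValueError(f"{self.name}: impact must be 1..5")
        if not 0 <= self.maturity <= MAX_MATURITY:
            raise ValueError(f"{self.name}: maturity must be 0..{MAX_MATURITY}")

    @property
    def gap_score(self) -> int:
        # Distance from full maturity, scaled by how much is at stake.
        return (MAX_MATURITY - self.maturity) * self.impact


def risk_band(score: int) -> str:
    # Band thresholds are an assumption for this example (max possible score is 20).
    if score >= 12:
        return "High"
    if score >= 6:
        return "Medium"
    return "Low"


def rank_areas(areas):
    # Highest gap first; ties broken alphabetically so output is stable.
    return sorted(areas, key=lambda a: (-a.gap_score, a.name))


def summarise(areas):
    """Return (name, gap_score, band) tuples, highest risk first."""
    return [(a.name, a.gap_score, risk_band(a.gap_score)) for a in rank_areas(areas)]


# Constructed sample assessment covering the areas from the post's list.
SAMPLE = [
    ControlArea("Network access control", 5, 3),
    ControlArea("OWASP top 10 / dev practices", 5, 1),
    ControlArea("Firewall / IDS configuration", 4, 3),
    ControlArea("Source code management", 3, 2),
    ControlArea("Change management", 3, 2),
    ControlArea("Employee termination process", 4, 1),
    ControlArea("Remote access process", 4, 2),
    ControlArea("Password management", 4, 2),
    ControlArea("Proper use of encryption", 5, 2),
    ControlArea("Wireless / rogue AP scanning", 3, 0),
    ControlArea("Patch management", 4, 3),
    ControlArea("Log correlation", 3, 1),
    ControlArea("Server lockdown", 4, 3),
]

if __name__ == "__main__":
    for name, score, band in summarise(SAMPLE):
        print(f"{band:6} {score:3}  {name}")
```

The point of the weighting is that the same missing control ranks differently depending on the data it guards: with the sample ratings, an absent wireless program scores below weak development practices because the impact weight differs, which is the kind of justification an auditor needs when the partner pushes back on priorities.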


