Security Basics mailing list archives
Audit Framework
From: JSZ <jszbug () gmail com>
Date: Sat, 08 Oct 2005 10:57:18 -0400
Hello all -

My company has recently asked me to perform a high-level security audit of a potential ASP partner. If we were to outsource to this provider they would be responsible for a large amount of proprietary customer and associated data.
I was wondering if anyone has pointers to an audit methodology and associated risk rankings from which I can base my audit.
The following is a list of items that I plan to cover during the audit:

- Network Access Control
- OWASP top 10 and associated development practices
- Firewall / IDS configuration
- Source code mgmt
- Change management
- General policies and procedures
- Employee Term Process
- Remote access process
- Password management
- Security training
- Proper use of encryption
- Wireless use (WEP/WPA etc.)
- Scanning for rogue APs
- Patch mgmt
- Log correlation
- Server config / lockdown
- Desktop policy

Any help is appreciated…

JSZ