Firewall Wizards mailing list archives
Re: I wonder, how to test..
From: "Kevin Sheldrake" <kev () electriccat co uk>
Date: Fri, 30 Jul 2004 18:35:40 +0100
Paul D. Robertson wrote: <SNIP>
Test what you can, monitor what you can, and validate/verify by looking atcommon patterns and see how you've faired historically. That won't give you a huge relief gap you're looking for, but what you're looking for really isn't cheap to do right.
I've read somewhere that companies are urged to spend at least 5% of their IT budget on security (presumably an industry or Government thing - I can't recall). For the purposes of this, IT budget should include the salaries of the IT staff (or proportion of salary where someone is dual hatted), annual software licence costs, hardware budget, etc. For even a small organisation this can run into many thousands of pounds (I'm British, but I'm sure you all can convert to local currencies ;). If nothing else, this might fund a qualified security consultant to do some testing and present a balanced picture. Of course, if you don't already have a security policy and up-to-date architecture diagrams then the security consultant may well rub his hands with glee and flog you additional consultancy to help you understand what you're trying to protect, in what way and from whom.
Just my 1.1 UK pence. Kev -- Kevin Sheldrake MEng MIEE CEng CISSP Electric Cat (Bournemouth) Ltd _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- I wonder, how to test.. Meindert Uitman (Jul 29)
- Re: I wonder, how to test.. Adrian Grigorof (Jul 30)
- Re: I wonder, how to test.. Kevin Sheldrake (Jul 30)
- Re: I wonder, how to test.. Martin Mačok (Jul 30)
- Re: I wonder, how to test.. Kevin Sheldrake (Jul 30)
- Re: I wonder, how to test.. Paul D. Robertson (Jul 30)
- Re: I wonder, how to test.. Kevin Sheldrake (Jul 30)
- Re: I wonder, how to test.. Adrian Grigorof (Jul 30)