RE: Top 15 Reasons Why Admins Use Security Scan ners

[Harlan Carvey <keydet89 () yahoo com>]

And you know something, Chris...that's fine.  Really. 
I just left a position in the private sector w/ a
company that was audited over a dozen times a year by
various customers.  Even their external auditors (ie,
*not* customers) were clueless when it comes to IT or
security.  One audit did include a knowledgeable
security professional on staff...but just one.  

But there's also another way to look at the original
comment...security is a process.  Running a
vulnerability scanner isn't a process...it's a
point-in-time check, a snapshot.  A good IT security
auditor won't focus on the fact that certain systems
have vulnerabilities...he or she will focus on *why*
they have the vulnerabilities.

> I believe many true IT Security Auditors out there
> would agree that your wrong on this one.
>
> > -How will I ever pass my IT Security Audits?
> >  
> > Don't worry about it...most audits don't seem to
> have
> > an IT background, and even when they do, they
> don't
> > take the time to understand your business
> processes or
> > your network infrastructure.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html