8 Questions For Uncovering Information Security Vulnerabilities - CIO.com - Business Technology Leadership

Andrew Jaquith considers 8 hypotheses, and for each provides diagnostic questions. A great read.
  1. The network perimeter is porous, permitting easy access to any outsider.
  2. An outsider can readily obtain access to internal systems because password policies are weak.
  3. Once on the network, attackers can easily obtain administrator credentials.
  4. An intruder finding a hole somewhere in the network could easily jump straight to the core transactional systems.
  5. Workstations are at risk for virus or worm attacks.
  6. Viruses and worms can spread quickly to large numbers of computers.
  7. Application security is weak and relies too heavily on the “out of the box” defaults.
  8. The firm’s deployments of applications are much riskier than those made by leaders in the field (for example, investment banking).
Src: 8 Questions For Uncovering Information Security Vulnerabilities | CIO.com [tx to @lennyzeltser]
