Re: [fw-wiz] I wonder, how to test..

From: Kevin Sheldrake (kev_at_electriccat.co.uk)
Date: 07/30/04 

To: "Paul D. Robertson" <paul@compuwar.net>, "Meindert Uitman" <meindert.uitman@avic.nl>
Date: Fri, 30 Jul 2004 18:35:40 +0100

Paul D. Robertson wrote:
<SNIP>
> Test what you can, monitor what you can, and validate/verify by looking
> at
> common patterns and see how you've faired historically. That won't give
> you a huge relief gap you're looking for, but what you're looking for
> really isn't cheap to do right.

I've read somewhere that companies are urged to spend at least 5% of their
IT budget on security (presumably an industry or Government thing - I
can't recall). For the purposes of this, IT budget should include the
salaries of the IT staff (or proportion of salary where someone is dual
hatted), annual software licence costs, hardware budget, etc. For even a
small organisation this can run into many thousands of pounds (I'm
British, but I'm sure you all can convert to local currencies ;). If
nothing else, this might fund a qualified security consultant to do some
testing and present a balanced picture. Of course, if you don't already
have a security policy and up-to-date architecture diagrams then the
security consultant may well rub his hands with glee and flog you
additional consultancy to help you understand what you're trying to
protect, in what way and from whom.

Just my 1.1 UK pence.

Kev 

-- 
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards