State of Network Security Assessments

Infact, we’ve heard that companies does vulnerability and penetration testing on their corporate infrastructures.

What do you think of the IT Managers way of handling with these results and/or executive summary

1. Does their any action taken with these results

2. Does the system owners /business owners know how to remediate the fixes/finding available in the VA reports

Most of the companies do not react to any of those reports and still continue to run their infrastructure vulnerable. The prime reason for this is lack of knowledge and discipline

So, What is required to remediate the findings

1. Temporary Project Team

2. Engagement & Operating Model

3. Communication & Status Reporting

4. Creating Risk Aware culture

Do you need help, please write to me

2Comments

Add yours

1

qwert123 on November 12, 2013 at 7:53 PM

Even though if you execute those 4 steps, do you think that it will be effective? I doubt. Still, the people won’t respond. The best solution I can suggest is to form a small white hat hacker team (can be same/separate Pen-test team) and exploit those vulnerabilities. Publish those in internal company websites/blogs. Let the owners aware of those exploits and see whether they respond or not.

LikeLike
- 2
  
  zecure on November 13, 2013 at 6:06 PM
  
  Yeah, its again discipline with the resources to remediate the report findings and culture development
  
  LikeLike

Share:

Like this:

Related