The Sum of Security Parts

By Cameron Sturdevant  |  Posted 2003-07-14 Print this article Print

Tight security takes a concerted effort.

Vulnerability assessment is just one piece of the due diligence pie.

IT managers should craft a security plan only after they understand business objectives because company executives, shareholders and, ultimately, customers measure security breaches in business, not technical, terms.

Before or, at least, during a vulnerability assessment, IT managers should have a complete inventory of hardware and software assets. eWEEK Labs specifically evaluated the ability of the three vulnerability assessment tools we tested to pick up new equipment between scans. Qualys Inc.s QualysGuard Enterprise Intranet Scanner did it best, which is one reason why it earned our Analysts Choice award.

No matter how good a vulnerability assessment tool is, however, it cannot substitute for an effective inventory management system, such as Tally Systems Corp.s TS.Census.

Inventory management tools excel at tracking changes in inventory over time. This creates an audit trail based on vulnerability assessment tools reports that buttresses actions taken.

Due diligence in creating a secure computing environment, whether required by legislation such as the Health Insurance Portability and Accountability Act or by corporate governance boards, requires the kinds of independent audit reports these products generate.

Early in the security management planning process, IT managers should lay out the risks associated with loss or corruption of various enterprise data. Value can be determined by the datas importance to business operations and replacement cost.

In addition, it is becoming increasingly important to gauge the possible legal and ethical liabilities the use of various security tools can create.

Security management is an ongoing process that requires integration among various operations. These include patch management, vigilant anti-virus updates and technology assessments of known weaknesses.

A key advantage to using a vulnerability assessment tool is that security staff will almost certainly be freed up from mundane assessment tasks so that they can consider ways to parry advanced threats.

Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel