Three Security Heads Are Better Than One

By Cameron Sturdevant  |  Posted 2007-07-24 Print this article Print

Tech Analysis: After a vulnerability exposure, it pays to work with best-of-breed security resources.

Youve followed all the security best practices. Youve patched every server. Youve hardened every application. Youve trained your users in the fine art of security consciousness. Then your companys data is somehow exposed. Now what?
In a perfect world, a vulnerability assessment would be run, then penetration tests and then remediation. Further, each of these actions would be performed by a different organization.
Click here to read about a Fox News exposure that affected eWEEK publisher Ziff Davis Media. Why? I think its important to separate vulnerability assessment, penetration testing and remediation into three distinct segments, run by three different organizations. This helps avoid any possible conflict of interest and ensures the best results. Going with a vendor or consultant that specializes in vulnerability assessment, another that specializes in pen testing and a third that specializes in remediation is sure to be more effective than going with an organization that pretends to specialize in all three. And going with three separate entities is a way to prevent any one such company from using not the best products and solutions, but the ones that its partners gave it the best deal on. Dividing these tasks almost certainly adds time and complexity—not to mention cost—to the ultimate security solution. However, with three sets of independent security consultants checking on your site and on each other, the chances of a motivated hacker finding a hole in your systems is greatly reduced. Labs Technical Director Cameron Sturdevant can be reached at Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel