Vulnerability assessment
- Identify the assets and processes at risk
- Focus on business risk, not technology
- Look beyond IT turf: Consider the security impact of facility and human resources policies
- Use available automated tools for technical vulnerability scans
- Anticipate legal obligations to ward off intruders and prevent involvement in distributed attacks
- Consider nonelectronic information: Shred sensitive input and output forms; evaluate nonmagnetic backups (for example, microfiche)
- Measure what really matters: lost time, not success rate in blocking attacks