Tools to use (Saint, nessus, nmap, etc.)
Methodology to be followed
Network and OS exploits to test the n/w for
Understanding and looking for holes in perimeter and DMZ zones.

Pointers to docs/information with respect to the same will be highly appreciated. Thanks in advance, folks.
Trevor
<snip>

Starting point would be a Current Status Assessment, which includes interviewing key IT security personnel and an existing document review - Internal Technical Security & Policy Procedures.

Second step would be to conduct a GAP Analysis. In this process there would be a Technical Risk Assessment & a Procedural Risk Assessment. Your Technical Risk Assessment is where you would conduct activities like Vulnerability Assessment and Penetration Testing. (Here you can use the tools mentioned above.) Under Procedural Risk Assessment there would be Device Risk Assessment. This process is a checklist-driven activity. Then comes your Qualitative Risk Assessment and Quantitative Risk Assessment.

Consolidating all of the above, you would then submit a GAP analysis draft, which includes the discussion you had with the client and recommended suggestions on the findings.

Followed by it would be a Post Implementation Audit, which takes care of the recommendations suggested in your report.
Regards, Animesh.