Chapter 19

Managing Security Processes

IN THIS CHAPTER

  • Automating tasks
  • Watching for misbehavior
  • Outsourcing your security testing
  • Keeping security on everyone’s mind

Information security is an ongoing process that you must manage effectively over time to be successful. This management goes beyond periodically applying patches and hardening systems. Repeatedly performing your security tests is critical; security vulnerabilities emerge continually. To put it another way: Security tests are a snapshot of your overall information security, so you must continually perform your tests to keep up with the latest issues. Ongoing diligence is required for compliance with various laws and regulations and for minimizing business risks related to your information systems.

Automating the Security Assessment Process

You can run a large portion of the following security tests in this book automatically:

  • Ping sweeps and port scans to show what systems are available and what’s running (a big oversight that’s often the beginning of larger security problems)
  • Password cracking tests to attempt ...

Get Hacking For Dummies, 7th Edition now with the O’Reilly learning platform.
