How Security cHangeD PoSt 2000 105
network to divert trac between networks). In Q we knew nothing of
the security posture of the other connected corporate networks (OK,
well Q had asked a service provider to do penetration tests of the other
rms’ networks—but personally I was not going to rely on the output
of these tests), and with this in mind, the vulnerability management
side of things in Q had to be improved. So with management support,
I had a mandate to lead the new vulnerability management approach
that would involve a combination of remote and local/scripted tests—
with the depth of analysis dependent on the criticality/exposure of the
hosting device.
e proper way to carry out a vulnerability assessment program
is with a platform ...