[<prev] [next>] [day] [month] [year] [list]
Message-ID: <04F92BA33955D51195B700508B4AB6E91737EC3B@dslak12.dnznet.co.nz>
From: StuartF at datacom.co.nz (Stuart Fox (DSL AK))
Subject: Top 15 Reasons Why Admins Use Security Scan
ners
I think you're oversimplifying things a little. Comments inline.
>
> But there's also another way to look at the original
> comment...security is a process. Running a vulnerability
> scanner isn't a process...it's a point-in-time check, a
> snapshot.
But running a security scanner could well be part of that process. Part of
the security management process is assessing what you have and why it's like
it is. A security scan could well indicate areas where your process and
policies could be improved. Sure, a vulnerability scanner is a point in
time check, but it's one way to help you identify what your current state
is. If you don't know that your process is faulty, you don't stand a
chance.
A good IT security auditor won't focus on the fact
> that certain systems have vulnerabilities...he or she will
> focus on *why* they have the vulnerabilities.
That's a really good point, and does need to be considered. However, if the
auditor doesn't know that there *are* vulnerabilities, how will they know to
look for the *why*?
Powered by blists - more mailing lists