17 basics question for SOX vulnerability assessment
- Do you have any security-related policies and standards
- If so, do you want us to review them
- Do you want us to perform a review of the physical security of your servers and network infrastructure
- How many Internet domains do you have
- How many Internet hosts do you have
- Do you want us to map your Internet presence Otherwise, can you provide us with a detailed diagram of your Internet presence, including addresses, host OS types, and software in use on the hosts We will also need addresses in use on both sides of the hosts if they connect to both the Internet and the internal network.
- Do you want us to review the security of your routers and hubs
- If so, how many routers and hubs exist on your network
- Do you want us to perform a security review of the workstations on the network
- If so, what operating systems are the workstations running
- If so, how many workstations would you like tested
- Our review will assess five or less servers of each type (NT, UNIX, and Novell); do you want us to review more than that
- If so, how many of each
- Do you want denial-of-service testing to be conducted This testing can have adverse effects on the systems tested. We can arrange to do this test during nonproduction hours.
- Do you want us to perform a modem scan of your analog phone lines
- What kind of RAS server are you using, and how many modems are used
- Do you want us to travel to other sites to perform assessments on systems
Popularity: 7% [?]
