Guidelines For Reviewing Security Policies, Processes, And Procedures

By Author: unknownmem
Total Articles: 128
Comment this article

Security policies, processes, and procedures should be microsoft exams(http://www.mcitp-70-620.com)
periodically reviewed. Follow these guidelines for doing so:
When new security risks are identified, ensure that current security practices, Web site configuration, and server configuration adequately deal with the risk. For example, if a new worm is discovered, will the server be vulnerable?
If new processes or procedures for securing Web servers and Web sites are developed, review the applicability for your Web servers and sites.
If new application development processes or new application security review capabilities become available, review their appropriateness for your application's development and review processes. For example, will redesigning a Web application as a .NET framework application improve your ability to secure it? Will designing Web applications as Web services increase or reduce the security risk to the application data? Can new development tools that check for buffer overflows in applications be used in Web development?
If new tools for MCITP certification(http://www.mcitp-70-620.com)
...
... vulnerability analysis are available, determine whether they "will be of value in discovering and correcting vulnerabilities in Web servers, Web sites,and applications.
Conduct periodic Web application, Web site, and Web server threat analysis reviews. Threat analysis reviews allow administrators, developers, management,
security personnel, users, and others to use their knowledge of the Web server and how it is used to speculate on potential risks to that environment. The discovery of unknown security risks should result in a security review to determine whether any new action is required to reduce or eliminate the risk.
When Web server changes are made, evaluate changes to determine whether security has been reduced. A change management process should be in place that approves and monitors changes to Web server and Web site configuration as well as application changes. Part of this process should ensure a security review of the changes proposed. In addition to Web site access logging, changes should be logged. Monitoring changes to ensure only authorized changes have been made and to determine whether the security analysis was correct will help discover potential problems before they become problems and discover potential attacks.
Review the use of intrusion detection systems (IDSs) and vulnerability analysis systems that are in place to determine whether they are doing the necessary job and whether the free Microsoft questions(http://www.examshots.com/vendor/Microsoft-1.html)
information they produce is being used.