Which came first (or should): Assessment, Consultation or Penetration Test

Does your company do annual assessments and penetration tests? Your answer should be yes. Ask yourself this: have you ever had an annual consultation? Assessments and penetration tests are important and vital to ensuring that proper information security controls are working. But what should be more important, and also done annually (before assessments and penetration tests), is a consultation with an outside information security consultant.

A consultation with an information security consultant is a review of your current security posture and is used to verify that you have the needed and required security controls in place. This review should not involve scanning tools, servers, networks or any other technical devices. It should look at documentation and processes covering items such as anti-virus on servers and PCs, firewall configurations, network design, switch and router ACLs, state of patches and more. This is a thorough review of the state of your company’s security posture. This is your Information Security gap analysis.

This analysis will assist you in ensuring you are implementing proper and thorough layered security and help set the short-term direction of your information security work. This means implementing controls that are missing and updating controls that are weak.

After these gaps are “plugged,” plan to have an assessment done to verify that the remediation work is complete and that the controls are effective.


Welcome to Assuagent Ltd.

This page is where we will post thoughts, ideas and information we believe to be of interest or value to our customers and business community. We provide this information as a way to give back to the Information Security community and business community.

Topics will be targeted towards Information Security but will not necessarily be technical in nature. Posts may be technical, business process focused, hot topics in the news or just interesting topics.

We are glad to put the effort into developing these posts and hope you find them useful.