I would say that you don't want them to actually read data, but proving they
can or can't get to it is a good thing. You also want them to evaluate the
physical premises for locations of servers and other things.
I just finished a class on Win2K Security and the instructor mentioned that
he started an audit by noticing the backup tapes on the receptionist's desk
and just signed for them saying 'The other guy's out sick' and walked out
with them so there is definitely a lot to one if you let them do it right.
Dating the boss' daughter/secretary might be a bit much, though :)
Gary
-----Original Message-----
From: Stephen Chiang [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 20, 2001 6:52 PM
To: NT System Admin Issues
Subject: Security Audit
I'm hiring someone to do a security audit of our site, what are some of the
things that I need to ask a security company to do? Any tips? THanks.
Stephen
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
