Français
5. Conclusion
A company's attack surface is (too) large to resist targeted attacks. Despite this fact, it is necessary to regularly assess the security level of certain critical parts of the company's infrastructure. This calls for a methodology that identifies the assets to be protected, defines the security measures to be implemented (cf. ISO 27001) and carries out the verification phase (the audit), which serves as the entry point for the compliance phase.
As IT environments continue to change (particularly in a highly competitive context), and the environment becomes increasingly hostile, it is essential to regularly assess the level of security of those parts of the enterprise considered critical. In this sense, auditing is essential, and has a bright future ahead of it.
The author would like to thank Maryline...
The Ultimate Scientific and Technical Reference
This article is included in
Safety and risk management
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Conclusion
Bibliography
Works
Software tools
• Aircrack-ng http://www.aircrack-ng.org
• Arachni http://arachni-scanner.comhttps://github.com/arachni
Websites
• Cédric Blancher's blog http://sid.rstck.org/blog
• eSecurity Planet http://www.esecurityplanet.com
• CLUSIF: Documents and safety guides for download http://www.clusif.asso.fr/fr
...Standards and norms
- Information technology – Security techniques – Information security management systems – Requirements - ISO/IEC 27001 - 2005
- Information technology – Security techniques – Information security risk management - ISO/IEC 27005 - 2008
The Ultimate Scientific and Technical Reference
