What is the best way to do a security assessment to ensure the system or network is secure or properly setup? Would you outsource external consultants or setup internal team?

Director of IT in Energy and Utilities, a year ago

You need an independent assessment periodically. Say annually. Between those, do things that apply to your organization based on all the different factors that your organization finds important and applicable.

Director of IT, a year ago

It is extremely important to define the security posture for the enterprise, which must include all the applicable domains: Perimeter, Identity & Access, Data, Network, Endpoint, Cloud, Application, Mobile and Industrial Security, along with DR and BCP. Looking at each domain will help to ensure the coverage of all the domain areas. Identify the gaps in security policies, and check that appropriate tools and a threat notification mechanism are in place.
It is recommended to bring in an external party to conduct the security assessment of the enterprise; however, define the scope with open eyes and mind, and be open to sharing all kinds of data and information required. Keep the governance in your hand.
In summary, it has to be a hybrid team of internal and external experts. Hope this helps.

CIO, a year ago

In my opinion, the most effective way to address security issues is to always use an internal team. However, those professionals are rare, ask for high salaries and are hard/expensive to retain.

So, hiring a consultant company which has reputable knowledge on this point, a talented team and a commitment to continuously enhancing their skills in such a complex area could be an alternative that must be considered.

Board Member in Healthcare and Biotech, a year ago

A bit of both - internal and external.

External to conduct the initial and post-remediation assessments, and then at predefined milestones like an upgrade/major change, or periodically, say annually.

Internal to own the remediation and manage business impact and expectations.

Finally, as the IT leader, communicate the why, the what and the end game not just to the impacted stakeholders, but across the company to strengthen the perception of security.

Senior Vice President - Advanced Engineering & Data Analytics in Manufacturing, a year ago

The best and foolproof way of security assessment is through penetration testing, and that will surface the vulnerabilities across the enterprise. Further, security monitoring and threat detection through log aggregation and analytics help continuously identify anomalies, and remediation can secure the enterprise. Further, regular audits will help ensure configurations and upgrades/patches. This can be outsourced to external firms and can be better managed through specialists.
