Testing the access controls in place for the network is a very important ongoing process that needs to be done regularly to find any vulnerabilities in the network. This process needs to be thought out both during the development stage of the network and after the network is already up and running.
Checking the access controls can be done by testing the resources that are being used to safeguard access, whether they are logical or physical restrictions. Physical restrictions like cameras and doors can be tampered with in the event of a break-in. Testing the physical resources should be done regularly to test how “tough” the resource is in regular and extraordinary circumstances (on a nice clear sunny day and at night). Checking it during a power outage or electrical storm might be a good idea as well, to see how it reacts.
Testing logical resources is a bit different. There are phases of a software life cycle that should be followed:
Initiation Phase: the existing architecture and security systems are documented, and a preliminary risk assessment is conducted. Applicable laws and regulations are identified. The documentation and analysis done during this phase are a crucial step in identifying what type of security system is needed and how it will work with existing systems.
Acquisition and Development Phase: a more complete risk assessment is completed and a baseline security level is established. Goals are set, and meetings with vendors are held to choose specific solutions to meet those goals.
Implementation and Testing Phase: once a new system has been purchased, it must be installed. (A security system will eventually be so out of date that the purchase of a new one will be forced.) Unit and integration tests ensure that the new product performs as expected and works with existing systems. User training is a significant part of this phase.
Operations and Maintenance: the longest of the five phases of life in a security...