- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
A Model for Peer Vulnerability Assessment
- Abstract
- While some situations clearly may require bringing in highly skilled resources to test systems, a sound basis for good security would be to develop in-house expertise in vulnerability testing by the system administrators, and to develop an effective method of performing testing. The challenge for this effort, then, is to combine freeware tools with a methodology for using them that effectively promotes persistent security. This paper proposes a model for ongoing assessment to be performed by the system administrators that includes testing and assessment in a non-threatening environment that provides added value of education for those performing the assessments. We will first examine existing methods of assessment, make the case for a peer assessment, explore the goals and benefits of a peer assessment, and outline a generic assessment model.