Normally, when accrediting a system, there is a team of us security warriors, probably performing a myriad of tasks. The interview of the Sys Admins occurs when any one of us has a spare hour or two to ask the "non-technical" questions and go over documentation and process. However, for the engagement I am currently working, my partner suggested to our client that we perform the interview FIRST in order to get the interview (and pain) out of the way and allow us to test the systems during the rest of the engagement.
One lesson I think I've learned from this move: By performing the interview FIRST, we find some issues/areas where we may want to take a closer look. The customer may have inadvertently said something that gives us reason to look at a particular issue. Or, they may say something that leads to a finding we might never have found. And, if the interview is conducted late in the engagement, there might not be time to further investigate.
I'll know soon enough, as we cast our eye about the network and systems starting tomorrow.