Re: Evaluating the security level of a firewall

["Meritt James" <meritt_james () bah com>]

James Fields wrote:
> It's not a matter of Nessus or any other tool being "good enough" - the
> point goes back to what you friend said about being too busy.  I have a
> limited number of hours per weeks.  I manage 8 firewalls, numerous IDS
> sensors and maintain about 50 VPNs for my company.  I also am part of a team
> responsible for managing our routers, switches, etc.  I do not have time to
> research, on a regular basis, everything going on in the industry.
>
> I've been told some companies hire security people who do nothing else - but
> I've yet to work at such a place, and can't say what it would be like...

Sounds like someone does not do a very good job of prioritization or
allocation of resources.  What is the problem, not how do you handle a
solution.

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
----------------------------------------------------------------------------