Description

Late 2005 I was working for a consulting company in the Milwaukee area. In an attempt to continue to move from a break-fix environment to a more proactive, managed IT approach, I was asked to develop a security audit methodology, which we would use in conjunction with our "taste-test" approach to new customers.

A taste-test was really nothing more than an engineer and a salesman showing a potential client how smart we were, how messed up their environment was, and how we could help them. We decided to use the Security Audit as another layer to enhance what we had to offer.

Here is an outline of the methodology I used, which was borrowed in large part from the SANS institute.