
Security-Testing Tool Selection Checklist

YES  NO   DESCRIPTION
[ ]  [ ]  Does the organization have the resources to create a test lab for security-testing purposes?
[ ]  [ ]  Have all the ancillary costs such as training, setup time, future software upgrades, consultant fees, and so on been included in the total cost of ownership of the tool?
[ ]  [ ]  Is the proposed tool affordable?
[ ]  [ ]  Are all tools downloaded from the Internet scanned for viruses and Trojan horses before being installed?
[ ]  [ ]  Are all recently installed tools initially monitored for suspicious behavior in a quarantined area before being deployed against the production environment?
[ ]  [ ]  Are all tools that potentially have access to the production environment uninstalled or disabled when not in use?
[ ]  [ ]  Will a proposed tool run on the organization's existing infrastructure?
[ ]  [ ]  Will a proposed tool require extensive training? This includes any time needed to learn a new operating system or set up a custom environment needed by the tool. An example would be installing a new interpreter.
[ ]  [ ]  Is the proposed tool available as an executable for the desired platform?
[ ]  [ ]  Can the proposed tool be used without any customization?
[ ]  [ ]  Is the proposed tool available as source code?
[ ]  [ ]  Can the proposed tool be used independently of any other product?
[ ]  [ ]  Is the proposed tool intuitive and easy to use, or does it come with comprehensive documentation?
