As part of the Foster Institute IT Security Assessments, we always offer to perform vulnerability assessments and they are indeed very helpful.  Executives can help IT professionals overcome the negative effect to the results of a vulnerability scan…

The primary reason we perform vulnerability assessments as parts of security assessments is to generate an inventory of all the computers currently alive on the network and a list of vulnerabilities those computers have.

The challenge is that the human brain loves a “list of what’s wrong.”  Most of the IT professionals at organizations go immediately to work solving the identified problems thereby “killing alligators.”

We always implore executives and IT professionals alike to focus on “draining the swamp” in addition to, and sometimes instead of, “killing alligators.”

In our ongoing effort to help IT professionals and organizations focus on strategic, as well as tactical, plans to take IT to the next level, I sometimes feel like a dentist who hands out new toothbrushes as well as a gift certificate to the local candy store in the same visit.

Vulnerability assessments are wonderful—just remember to focus on the one or two strategic changes that can fix one hundred or more tactical issues.