1. DueDiligence A security audit of Web server, Internet, Extranet and intranet is an essential component of any sound security policy and practice. It proves that due diligence has been exercised at your organization and that you and your boss did everything in your power when (not if) the next problem occurs.

2. Independent As independent financial audits are always conducted by an external source (i.e., as required by the US Securities and Exchange Commission, Generally Accepted Auditing Standards -- GAAS, and by Section 5751.32 of the Canadian Institute of the Chartered Accountants Handbook), so too should your security audits. Only by using an external and impartial audit can you ensure that all potential security problems have been examined and exposed.

3. Impartial No expensive security solutions should be recommended simply because the corporation performing the audit represents equipment vendors, just the information you require to assess vulnerabilities exposed on your network. Vendors often find holes in somebody else's equipment, but don't find vulnerabilities in their own since their tests are designed to check that the equipment is doing what it was designed to do, not necessarily to determine whether or not your environment is secure.

4. Prevention It is only a question of time when hackers will come after you. By then it's usually too late.

5. Detection Detection is one of the many components required to assure your network's security and integrity. One of the many benefits of an external and impartial audit is to determine the effectiveness of your tools for detecting intrusions into your environment. An external audit should trigger the detection mechanisms, and initiate whatever countermeasures your environment has in place. If an external audit is not detected, then it is time to re-assess your intrustion detection tools and processes.

6. Price ADDSecure.Net™ Audit is inexpensive, and ongoing audit packages cost even less. Buying your own tools and training people in-house would cost much more, and not provide you with an external impartial report. Since all our services are fully automated, we can afford to charge you much less than our competitors.

7. Buyer Beware If your security vendor claims that your server is secure but an external audit has not been performed, the consequences for your business could be devastating. Insist on an external and impartial audit before believing your security vendor's claims.

8. Improper Security and Firewall Setups Just because an expensive firewall has been installed, it does not mean that it has been set up properly. Hackers can penetrate firewalls and even though you may not keep important information on your web, they may penetrate your legacy systems. An external audit identifies vulnerabilities in your security defenses and firewalls so you can correct them fast.

9. Comprehensive Reporting An ADDSecure.Net™ Audit quickly identifies your vulnerabilities and exposed areas. The Audit report is clear and easy to understand, you don't have to be a rocket scientist to interpret its results. Once you have the report, you can take appropriate corrective actions that won't cost you any more than is absolutely necessary.

10. Why Take Chances Despite your best efforts and those of your vendors, we are willing to bet that your network would not pass an external security audit from the first attempt. Most of our audits uncover significant problems even though our clients are prepared for the audit. Your subsequent measures could effectively rectify the situation.

1. It will never happen to you.

2. Your network security is inpenetratable and absolutely the best in the world.

3. Your internal efforts are sufficient to counter any threat from all 13-year olds that use simple cracking tools.

4. It's the IT staff who are responsible for security and you always trust them completely.

5. Your security equipment vendors told you so, they've already done it.

6. There is nothing useful on your company's web site or network anyway.

7. Senior executives like yourself should not needlessly be scared beforehand.

8. When the hackers strike next time, you will be on vacation, it's your boss who will be accountable.

9. If they break in, and even if the hackers of the media publish about it all over the world, it won't hurt your company.

10. The hackers will have to wait until we install a new firewall in the next fiscal year.

If the above isn't enough, we are always interested to hear the new executive excuses for not doing external audits. Please email to our attention...