Checks and Balances aka Quality Assurance

Does your cyber security plan include a system of checks and balances? How about a quality assurance program? Do you need either of these? Let's take a look at 2 scenarios:

Scenario 1:

So you've finally got your company website. It looks gorgeous. Everything is sleek and fast and beautiful. It should be, you paid a pretty penny to the dev team that put it together for you. You talked with them about security and they assured you they followed good practices and developed your site responsibly. But how do you know they did? Who double checked that they didn't leave any back doors in the site? Who verified that they didn't accidentally forget to validate a form input somewhere? Programmers are human and humans make mistakes. It doesn't mean they are bad at what they do, just human.

Scenario 2:

Your office equipment is maintained by a top-notch firm of IT specialists. They perform regular updates and maintenance on your computers and make sure everything is running smoothly. When there's a problem, they are prompt and always get you back up and running quickly. But how do you know in their rush to get things working that they didn't forget something? Did they forget a critical software patch? Did a critical patch fail to install and their system wasn't notified properly? These sorts of things happen every day and leave systems vulnerable to attackers.

These scenarios show just a few reasons your cyber security process needs to include checks and balances and/or a quality assurance program. The best way to ensure important processes are followed correctly is to have them validated by an independent 3rd party. Everyone knows that trying to check your own work doesn't always yield the best results. So how is this done in cybersecurity?

The best approach is to have a separate team that double checks the work of the first. An independent 3rd party is generally considered to be optimal. This is one of our strongest roles here at ITS. We can use our Audit-Pi© to make sure your networks are truly in the state you expect them to be in.