How do I make the best use of SekChek?
You have mentioned lots of great ideas to us, many of which are listed in this FAQ. Some others worth a mention are:
DO use SekChek as early as possible in an assignment. The SekChek report will help you focus and leverage your time better. Many consultants send SekChek to their client well before they start an assignment and request the client to forward the files directly to us. This saves you and your client both time and money.
DO use the (graphical) summary reports for highlighting trends in the strength of security over time and across different computers and departments. They help answer questions such as “Is security getting better or worse?”, “Which computer has the strongest/weakest security” and “Where does security not comply with policy?”.
DO call us if you have difficulty with any part of the SekChek process. We try to make the process as hassle-free as possible, but there may be the inevitable hiccup or problem. If you don’t tell us about your difficulties, we will not be able to fix them.
DO call us with your questions. The preferred medium is e-mail & we aim to answer most questions within 2 hours of receipt.
DO tell us what improvements you would like to see. We will do our best to include your requirements in a future release of the software.
DON’T expect SekChek to provide all the answers. Certain types of question require some understanding and knowledge of the client’s business. An obvious example is: “Should John Smith in the Finance department have access to XXX?”. However, we would be very disappointed if you find that SekChek does not at least ‘break the back’ of a security review.