Having the answers to the test...

A wise man once told me, "I only take tests when I know I have all the answers." I find this to be a good idea. I mean, setting aside being in school and not cheating, of course, who wants to be tested without the benefit of knowing the answer key? In the event of your network and applications being tested by a 3rd party (probably a customer), you might want to know how your house looks before inviting others to snoop around.

It surprises me that this concept of knowing thyself is so alien to people. A good security practice in any business should offer vulnerability assessments, pen testing and application testing. Or, if you are in the outsourcing mindset, have some well-vetted and trusted partners do this testing for you.

It is becoming more commonplace for people to test one another. Often the case is two companies that wish to enter into a contract with each other, normally one being the client and one the customer providing a service. Sometimes we do this for due diligence prior to a merger and acquisition (M&A).

So let's say you are thinking this is a good idea. Great! Now what are the benefits? Well, glad you thought of this question... try these on for size and then let me know if you have a spark to start a new process in your organization:

1.) You can test and remediate any embarrassing issues before you let your potential customer take a close look.

2.) If you can't remediate in time for the required 3rd party assessment, you can at least start to frame a response to the indubitable arrival of hard questions.

3.) Management likes to know when there are going to be issues. And let's face it, you need to be pointing out that Security is doing something and has found problems to fix.