Judging effectiveness and making recommendations

In order to know how effective a policy is, it must be measured and evaluated using quantitative measures. See setting targets for further guidance.

Using event logs from network management software alongside server logs, it is possible to identify how often threats are blocked, and what threats are most prevalent. This information allows a network administrator to identify where further security would be beneficial, and also highlight any breaches in security.

Recommendations can involve anything from changing policy, providing additional staff training or additional hardware/software.

Outside companies can provide these services, and will typically begin by running network scanning tools to locate weaknesses.