Test your network with the same types of tools, methods, and techniques that hackers use. Numerous automated testing tools can also assist you with this.

Compare logs to determine how actual conduct confirms to the stated security policy. Note any deviations from the policy, then use this information to improve user compliance.

To implement a new system or test a new security setting, follow the steps below.

1. Implement the policy on systems whose configurations are identical to those of normal systems.
2. Place the system or systems on a different subnet.
3. Simulate, as far as possible, conditions normal to the network.
4. As with existing systems, test the new system against common hacker techniques.

Establish logging on all systems, and check the logs regularly. Configure your log files so that they will not become security threats. Remain aware that existing policy will develop gaps as new hacker techniques develop. What might be secure today will develop problems later, due to a hardware change, an operating system upgrade, or a bug in an application.