Recommendation's for Security Reviews

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I am looking for recommendations on books and outlines of how to best
perform a security review. We will be doing this for another
department, and I want to use a best practice approach. The other
department runs a mix of Windows, Novell, and a few Unix systems. We
will be reviewing compliance for both physical and computer security.

As a security review, I assume at this point that a penetration test
will not be involved. The term "security review", to me, has always
been more along the lines of an auditor comparing policies against
actual compliance. Agreed?

Site Timeline