Security Basics mailing list archives
Re: The Return on Investment of Good Security
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Mon, 5 Jan 2009 16:23:44 -0500
Yes, you are right on the money. We've already got a few good white papers that we allow our prospects to download. These papers arm the prospects with intelligence, thereby enabling them to vet out the frauds from the real providers. But yes, my goal is to set a higher standard for security services, not just within my own business. Yes, we are a very high quality provider and that is because of how much effort, thought, and experience we have to put into being such a provider. We'll never call ourselves the best; once anyone thinks that, it's nearly time for a big fat "Game over".
Quality providers are measured by the depth, accuracy and quality of their deliverables. Missing something as basic as a default SNMP configuration is pretty weak unless the technology was installed or configured after the assessment. Networks do change and something that is secure today might not be tomorrow.
On Jan 5, 2009, at 3:56 PM, Mercurio, Michael D (Dante) wrote:
The article is basically stating you get what you pay for. The problem is the measurement of a 'good' vs. 'bad' service is not as easy as just comparing pricing. To make your point, the vendor needs to provide 'quality' service and I'm assuming you are making the argument that your company is the 'quality' vendor that costs more, but I have seen many high priced vendors who did not have a clue. Simple example, I once found default SNMP read/write access to a bank core switch that was missed by a previous 'nationally known quality' vendor who charged twice as much.

In order to justify a higher price, you need to educate people on what qualifies as a 'good' vs. 'bad' vendor besides price. You might want to touch on items such as:

1) Review and compare scopes of work to ensure they are both doing the same thing.
2) Review a sample report to ensure you will be getting something of quality back.
3) Ask for sample resumes of consultants that will be conducting the assessment.
4) Ask to contact some references.

The items above will tell you more about a 'quality' vendor than the price of the assessment and also provide more reasons why an assessment will cost more.

M. Dante Mercurio, CISSP, CCNA
http://www.mercurio.ws
http://advinsecurity.wordpress.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adriel T. Desautels
Sent: Friday, January 02, 2009 6:46 PM
To: pen-test list
Cc: security-basics () securityfocus com
Subject: The Return on Investment of Good Security

Latest blog entry for those who care. This one compares the Return on Investment of good security services to the Return on Investment of poor quality security services. As usual comments and criticisms are welcome and appreciated.

Direct link as requested:
http://snosoft.blogspot.com/2009/01/cost-of-good-security-is-fraction-of.html

Adriel T. Desautels
ad_lists () netragard com
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com

Adriel T. Desautels
ad_lists () netragard com
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com