Educause Security Discussion mailing list archives
Re: Penetration Testing
From: Willis Marti <wmarti () TAMU EDU>
Date: Wed, 19 Dec 2012 08:58:44 -0600
Do you actually mean "penetration testing" or do you really want a vulnerability assessment? Or just an external vulnerability scan? LOTS of folk will do a Nessus-like scan, possibly rating the vulnerabilities high/medium/low, but very few will go further and say "your security status is passing/failing". I don't think "zero defects" is reasonable for higher ed; we're not a bank or military facility. Our job is to distribute information. So what do you really want? ----- Original Message -----
Does anyone have any recommendations for companies that do penetration testing? We are considering bringing in an outside company to do penetration testing on Lehigh's systems and network and would like someone with experience in the higher ed domain. Reply here or off-line if you prefer.
-- Willis Marti Director and CISO Networking and Information Security Texas A&M University
Current thread:
- Penetration Testing Blair R. Bernhardt (Dec 18)
- Re: Penetration Testing David Grisham (Dec 18)
- Re: Penetration Testing Willis Marti (Dec 19)
- Re: Penetration Testing Bradley, Stephen W. Mr. (Dec 19)
- Re: Penetration Testing Dennis Bolton (Dec 19)
- Re: Penetration Testing Bradley, Stephen W. Mr. (Dec 19)
- Re: Penetration Testing Brian J Smith-Sweeney (Dec 19)