RE: Penetration Tests

[Andreas Siegert <afx () ibm de>]

I think you are absolutely right. But I also had to learn that customers
rarely want to invest the money needed for real security. Typically they just
buy alibi firewalls and stop listening if they find out what real security
would cost them.
bye
afx


-----Forwarded message from Gary Crumrine <gcrum () us-state gov>-----
I believe, that if you truely want to have the maximum e  
ffect on the outcome of a customer's threat management 
program, as security experts, we need to be involved from 
the beginning, doing the risk analysis, looking at business 
practices and verifying services verses a true business 
need, helping the customer develop a comprehensive, but 
more importantly an enforceble security policy prior to 
recommending the flavor of the month guard device.  This 
process builds a relationship with the customer that if 
done correctly, will result in follow on work etc... Read 
that increased profits...  Remember, it is not the box that 
is important (Whoa, settle down resellers) it is the 
program that fails, or succeeds.

-----End of forwarded message-----

-- 
Andreas Siegert       afx () ibm de / afx () barolo munich de ibm com / AFX at IPNET
PGP Key:http://www.muc.de/~afx/pubkey.asc, KeyId AB26FD05