Penetration Testing mailing list archives
Re: [PEN-TEST] Evaluating Auditors Abilities
From: topher hughes <thughes () CISCO COM>
Date: Thu, 7 Sep 2000 18:07:16 -0500
Actually, just to offer a counter-view, we (Cisco) don't provide references. Think about it - there is still a perception in a large part of the general populace that if you've had an audit performed recently, there must be something wrong...you were hacked, you were about to be hacked, etc. We also want to abide by any confidentiality agreements in place as well. I definitely agree that one of the best things to do as a customer is to have your technical people talk to the actual assessors, and make sure they have a clue. *shrug* just a comment. --topher "Emeigh, Mike" wrote:
Derrick wrote: (snip)How can companies decide which auditors really do a decent job and are worth their value ?I'd first ask the auditors to provide references, and then contact those companies. If the auditors aren't willing to provide references, I'd be suspicious. Mike Emeigh piratefan1 () mindspring com
Current thread:
- Re: [PEN-TEST] Evaluating Auditors Abilities Emeigh, Mike (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities topher hughes (Sep 08)
- <Possible follow-ups>
- Re: [PEN-TEST] Evaluating Auditors Abilities Tansey, Don (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities Benjamin P. Grubin (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities Kuss, Kenneth (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities Edward Slusarski (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities David Hopkins (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities Khan, Mansoor (Sep 08)
- Re: [PEN-TEST] Evaluating Auditors Abilities Meritt, Jim (Sep 08)
- Re: [PEN-TEST] Evaluating Auditors Abilities Dunker, Noah (Sep 08)
- Re: [PEN-TEST] Evaluating Auditors Abilities Gallicchio, Florindo (2282) (Sep 08)
- Re: [PEN-TEST] Evaluating Auditors Abilities Hill, Mark (Sep 08)