Penetration Testing mailing list archives

Re: SME risk assessment (Was: Bank Assessment)


From: fergus <fergus () cobbled net>
Date: Mon, 26 Apr 2004 21:13:42 +0100

On 26.04-17:24, miguel.dilaj () pharma novartis com wrote:
[ ... ]
The risk of being blamed for hacking activities, DoS, storing child porn, 
etc., has to be considered as well, and absolutely every individual and 
company out there is exposed to that if someone can compromise their 
systems. The publicity impact can also be very serious.

I can perfectly understand your recent discussion if we don't take into 
account the above, and I tend to agree with you (if I understood you 
correctly). Both of you are partially right.

it's not an issue of correctness or methodology; it
is a question of politics - or more specifically
perceived risk.

i run a small business for small businesses.  it
includes security auditing (as well as other
services).  if i produce a report that doesn't fit
on a stick-it note then it better be critical -
and more importantly - perceived as such; at least
by the end of a short discussion.
n.b:    critical ~ make/save money

why?  small business is _all_ about priorities.  and
mainly short term priorities.  other things are
basically overheads (of time, money and probably
both) to be avoided at all costs.
n.b:    priorities ~ cash flow

if security fits on that list they're probably
selling it.

hey - i'm not saying this is universal, i'm just
saying don't jump in too deep.  i've done it - it
will only get returns in very specific cases (of
which i've yet to come across).


good luck,
-- 
: fergus cameron                :   [ .]        cobbled    :
: ^^^^^^@cobbled.net            : [ ~][ ]             .net :
