Penetration Testing mailing list archives
Re: SME risk assessment (Was: Bank Assessment)
From: fergus <fergus () cobbled net>
Date: Mon, 26 Apr 2004 21:13:42 +0100
On 26.04-17:24, miguel.dilaj () pharma novartis com wrote: [ ... ]
> The risk of being blamed for hacking activities, DoS, storing child porn, etc., have to be considered as well, and absolutely every individual and company out there is exposed to that if someone can compromise their systems. The publicity impact can be also very serious. I can perfectly understand your recent discussion if we don't take into account the above, and I tend to agree with you (if I understood you correctly). Both of you are partially right.
it's not an issue of correctness or methodology it is a question of politics - or more specifically perceived risk.

i run a small business for small businesses. it includes security auditing (as well as other services). if i produce a report that doesn't fit on a stick-it note then it better be critical - and more importantly - perceived as such; at least by the end of a short discussion.

n.b: critical ~ make/save money

why? small business is _all_ about priorities. and mainly short term priorities. other things are basically overheads (of time, money and probably both) to be avoided at all costs.

n.b: priorities ~ cash flow

if security fits on that list they're probably selling it.

hey - i'm not saying this is universal, i'm just saying don't jump in too deep. i've done it - it will only get returns in very specific cases (of which i've yet to come across).

good luck,

--
fergus cameron