Penetration Testing mailing list archives
RE: Business justification for pentesting
From: "William Tarkington" <William.Tarkington () openwave com>
Date: Tue, 30 Aug 2005 12:22:50 -0700
Gartner is the major provider of information regarding this type of stuff. If you aren't able to get access it's a crap shoot on the web. It is true that recovering from an incident costs more than preventing it. To get Pen-testing approved I generally use the fire sprinkler system analogy. We've invested this money in our security now we use pen testing to validate we have achieved what we invested our money for. Or just because you install a sprinkler system doesn't mean you don't test it once a year. Simply because the cost of not having it exceeds the cost of testing and the same is true for pen testing. --Will -----Original Message----- From: sectraq () gmail com [mailto:sectraq () gmail com] Sent: Tuesday, August 30, 2005 9:30 AM To: pen-test () securityfocus com Subject: Business justification for pentesting hi all, a few classic question that i would appriciate any answers for. 1- i would like to briefly know how to quantify information assets. In other words, i hear a pentester say: if a hacker breaks in ur network, u will loose up to 40000$ for example. how can he come up with such figures? 2- are there any other means to justify pentesting for management except for $$$? 3- are there any official statistics, figures etc. for justifying pentesting. ther more official it is the better. 4- any other information you guys might find helpful in justifying a pentest would be appriciated. thnx in advance for ur help. T.N
Current thread:
- Business justification for pentesting sectraq (Aug 30)
- RE: Business justification for pentesting Omar A. Herrera (Aug 30)
- Re: Business justification for pentesting Adam Chesnutt (Aug 30)
- Re: Business justification for pentesting Lynx (Aug 30)
- Re: Business justification for pentesting Irene Abezgauz (Aug 31)
- Re: Business justification for pentesting rmeijer (Aug 31)
- <Possible follow-ups>
- RE: Business justification for pentesting William Tarkington (Aug 30)
- Re: Business justification for pentesting Kevin Reiter (Aug 31)
- RE: Business justification for pentesting Michael Scheidell (Aug 30)
- Re: Business justification for pentesting Jan van Rensburg (Aug 31)
- RE: Business justification for pentesting Ha, Jason (Aug 31)