Re: Testing large networks

["Davi Ottenheimer" <DaviO () westmarine com>]

It helps to be extremely familiar with the organization and understand how they rate/value their assets. That will 
bridge your vulnerability reports to their strategic view of risk, as well as day-to-day processes. Understanding the 
relevant compliance and regulatory issues will also help, as you can show that specific vulnerabilities translate into 
real penalties for non-compliance. In other words, if your client is a hospital, then your investigation and scanning 
should be at least able to demonstrate familiarity with patient confidentiality, and critical system availability, etc. 
as well as the Health Insurance Portability and Accountability Act of 1996 (HIPPA)...

> > > Dan Rogers <pentestguy () gmail com> 03/05/05 08:05AM >>>
[...]
So how do you lot approach testing a lage network? Also, how do you
decide what to report to the client on?

Cheers

Dan
************************************************************************************************
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or  the 
sender immediately and do not disclose the contents to anyone or make copies.

This email was scanned for viruses, vandals and malicious content.
via mail3.westmarine.com
*************************************************************************************************