Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Testing the user community

From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 31 Jan 2007 15:26:51 -0500
what do you mean by "what the *company* is doing, not what the users are

doing."


We have policy in place however my purpose of pen testing the user

community is to justify initial 

training cost/time.  After training has taken place run similar test and

compare the results to see if 

the training is effective.


That's what I meant - using it as a tool to see how well things like
policies and training are working in your company.  Your results should be
focused on how well employees follow the policy, not whether or not they are
savvy enough to avoid being scammed.

PaulM


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: