Penetration Testing mailing list archives
Re: Gartner's Security 3.0
From: "Jay D. Dyson" <jdyson () treachery net>
Date: Wed, 17 Oct 2007 02:16:03 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 16 Oct 2007, M.B.Jr. wrote:
Gartner's recently -- during its 2007 IT Security Summit -- released it's new corporative Information Security approach, named "Security 3.0". Basically, it suggests that 8 percent (and no less whatsoever than 5%) of the companies' IT budget be focused on security.
That's certainly in keeping with the way industry treats security: it's consistently regarded as an afterthought. More time is spent crafting legal disclaimers that let vendors and service providers off the hook when they get their canonical butts handed to them. And let's face it: users may say they want security, but they never want it when it costs them their precious convenience.
The thing is: how are you, as a pentester, feeling such, concerning your incomes?
To be honest, I'm not very concerned. I wear a lot of hats across the IT sector, so I've always got work. But when (not if) the next system gets cratered because of lousy security, I'll be more than happy to do the work, earn the large sums, and consider the cashing of the customer's checks as my way of saying, "See, I told you so."
- -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee."-. >====<--. C|~~|C|~~| \------ Jay D. Dyson - jdyson () treachery net ------/ | = |-' `--' `--' `-- Save the planet. I intend to conquer it. --' `------' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: See http://www.treachery.net/~jdyson/ for current keys. iD8DBQFHFaim6U584KgAiasRAjyoAJ9P1VC78JU5H9oDrJJwm0Ga/6TU4gCgkmC1 QGP2XiAYZIAA9gd6E/eEC6Q= =xhEM -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Gartner's Security 3.0 M.B.Jr. (Oct 16)
- Re: Gartner's Security 3.0 xelerated (Oct 16)
- Re: Gartner's Security 3.0 M.B.Jr. (Oct 18)
- Re: Gartner's Security 3.0 Santiago Barahona (Oct 18)
- Re: Gartner's Security 3.0 M.B.Jr. (Oct 19)
- Re: Gartner's Security 3.0 Sebastien Tricaud (Oct 18)
- Re: Gartner's Security 3.0 Pete Herzog (Oct 18)
- Re: Gartner's Security 3.0 M.B.Jr. (Oct 20)
- Re: Gartner's Security 3.0 Pete Herzog (Oct 20)
- Re: Gartner's Security 3.0 M.B.Jr. (Oct 20)
- Re: Gartner's Security 3.0 Jay D. Dyson (Oct 18)
- Re: Gartner's Security 3.0 M.B.Jr. (Oct 23)
- Re: Gartner's Security 3.0 Jay D. Dyson (Oct 23)
- Re: Gartner's Security 3.0 M.B.Jr. (Oct 23)
- Re: Gartner's Security 3.0 pkc_mls (Oct 19)
- Re: Gartner's Security 3.0 Guilaume Vissian (Oct 19)
- Re: Gartner's Security 3.0 M.B.Jr. (Oct 23)
- Re: Gartner's Security 3.0 M.B.Jr. (Oct 23)
- Re: Gartner's Security 3.0 Guilaume Vissian (Oct 19)
- Re: Gartner's Security 3.0 xelerated (Oct 16)