Re: Gartner's Security 3.0

[pkc_mls <pkc_mls () yahoo fr>]

M.B.Jr. a écrit :
> Pentesters,
>
> Gartner's recently -- during its 2007 IT Security Summit -- released
> it's new corporative Information Security approach, named "Security
> 3.0".
> Basically, it suggests that 8 percent (and no less whatsoever than 5%)
> of the companies' IT budget be focused on security.
>
> It is something no doubt but personally I think it could be more, say 10%.
>   
Hi,

just a french example (please take some time before bashing).

there was a huge fire in a bank in paris in the 90s, and after this 
event all banks started to think about disaster recovery.

for the security, as some other already answered, it depends on how 
sensitive is the IT or the global management to security.

if some friend already has an issue with security, or if they had a 
phishing problem with lot of money involved, I think they'll
think more about security.

for some companies, it's also part of their job to have the network 
secured so they can sell their products (pills or medicine
for example).

then, you can even invest 20, 30 % to security, if the goal is only to 
put the latest firewall and never watch the log, perhaps
the investment doesn't matter.

IMHO the hardest part is to maintain a good level of security (everyone 
knows that as soon as you are connected to a network,
you cannot be a 100% secure) as your network is always modified.
> The thing is:
> how are you, as a pentester, feeling such, concerning your incomes?
>
>
> Yours faithfully,
>   


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------