Security Basics mailing list archives

Re: PenTest Checklist


From: Alessandro <a.bottonelli () infinito it>
Date: Thu, 8 Jan 2004 17:41:20 +0100

On Tuesday 06 January 2004 17:07, you wrote:
> Here's a quick summary here from various sources for your review...
>
> B - Goals
> recognize best practices
> recognize business risks
> privacy issues both internal and external

I don't see (but that could be just me) anything in your checklist that can 
lead to recognizing business risks and privacy issues. 

If Risk = Vulnerabilities x Threats x Damage, then a pen-test does a great job 
in measuring Vulnerabilities. I need other kinds of assessments to measure the 
other two factors in the formula.

My 2 Eurocents :-) worth...

-- 
Alessandro Bottonelli
www.axis-net.it
