Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Evaluating Auditors Abilities

From: David Hopkins <David () COMPUSA COM>
Date: Thu, 7 Sep 2000 14:57:34 -0500
I'd be alittle leary using Auditors for Penetrations anyway, I'd opt
more for a Security Consulting firm that specializes in Penetrations and
who will gladly offer references since it's their livelihood.  They may
even do a limited scope "freebie" to show what they can offer and they
should be able to thoroughly explain their results, if they can't you
don't have to go any further and you're not out any $.

David Hopkins, CISSP
CompUSA IT Security Manager
972-982-5414 (office)
972-333-5636 (cell)



-----Original Message-----
From: Emeigh, Mike [mailto:piratefan1 () MINDSPRING COM]
Sent: Thursday, September 07, 2000 12:53 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Evaluating Auditors Abilities


Derrick wrote:

(snip)


How can companies decide which auditors really do a decent job
and are worth their value ?


I'd first ask the auditors to provide references, and then
contact those companies. If the auditors aren't willing to
provide references, I'd be suspicious.

Mike Emeigh
piratefan1 () mindspring com
Previous By Date Next
Previous By Thread Next

Current thread: