Penetration Testing mailing list archives

Re: [PEN-TEST] Evaluating Auditors Abilities


From: topher hughes <thughes () CISCO COM>
Date: Thu, 7 Sep 2000 18:07:16 -0500

Actually, just to offer a counter-view, we (Cisco) don't provide
references. Think about it - there is still a perception in a large part
of the general populace that if you've had an audit performed recently,
there must be something wrong...you were hacked, you were about to be
hacked, etc. We also want to abide by any confidentiality agreements in
place as well.

I definitely agree that one of the best things to do as a customer is to
have your technical people talk to the actual assessors, and make sure
they have a clue.

*shrug* just a comment.

                                                        --topher

"Emeigh, Mike" wrote:

Derrick wrote:

(snip)

How can companies decide which auditors really do a decent job
and are worth their value ?

I'd first ask the auditors to provide references, and then
contact those companies. If the auditors aren't willing to
provide references, I'd be suspicious.

Mike Emeigh
piratefan1 () mindspring com

