Penetration Testing mailing list archives

Business justification for pentesting

From: sectraq () gmail com
Date: 30 Aug 2005 16:29:35 -0000

hi all,

a few classic question that i would appriciate any answers for. 
1- i would like to briefly know how to quantify information assets. In other words, i hear a pentester say: if a hacker 
breaks in ur network, u will loose up to 40000$ for example. how can he come up with such figures?

2- are there any other means to justify pentesting for management except for $$$?

3- are there any official statistics, figures etc. for justifying pentesting. ther more official it is the better.

4- any other information you guys might find helpful in justifying a pentest would be appriciated.

thnx in advance for ur help.

T.N

Current thread:

Business justification for pentesting sectraq (Aug 30)
- RE: Business justification for pentesting Omar A. Herrera (Aug 30)
- Re: Business justification for pentesting Adam Chesnutt (Aug 30)
- Re: Business justification for pentesting Lynx (Aug 30)
- Re: Business justification for pentesting Irene Abezgauz (Aug 31)
- Re: Business justification for pentesting rmeijer (Aug 31)
- <Possible follow-ups>
- RE: Business justification for pentesting William Tarkington (Aug 30)
  - Re: Business justification for pentesting Kevin Reiter (Aug 31)
- RE: Business justification for pentesting Michael Scheidell (Aug 30)
  - Re: Business justification for pentesting Jan van Rensburg (Aug 31)
- RE: Business justification for pentesting Ha, Jason (Aug 31)