Penetration Testing mailing list archives
Re: Business justification for pentesting
From: Kevin Reiter <tux () penguinnetwerx net>
Date: Wed, 31 Aug 2005 01:18:36 -0400
hi all,
a few classic questions that i would appreciate any answers for.
1- i would like to briefly know how to quantify information assets. In other words, i hear a pentester say: if a hacker breaks in ur network, u will lose up to 40000$ for example. how can he come up with such figures?
2- are there any other means to justify pentesting for management except for $$$?
3- are there any official statistics, figures etc. for justifying pentesting. the more official it is the better.
4- any other information you guys might find helpful in justifying a pentest would be appreciated.
Don't forget about federal regulatory compliance issues, if your business falls under those categories (SOX, GLBA, etc.)
Your company may even be *required* to have a third-party audit/test done periodically (i.e. once per year) in order to be "certified" to meet those federal requirements, as well as other items put in place (IDS, monitoring, etc.)
Best to understand which (if any) federal requirements you fall under, then find out what needs to be done to become compliant (if that applies at all) and move on from there.
-Kevin