Penetration Testing mailing list archives

Re: Security Grade


From: "Benjamin Tomhave" <list-procurare () secureconsulting net>
Date: Thu, 6 Dec 2007 15:34:53 -0500 (EST)

There's a variety of techniques for this. Generally, it's best to just
compare scores internally over time. NSA IEM has a repeatable method for
doing this. Alternatively, one can adopt a security maturity model (such
as SSE-CMM) and use that to compare maturity against other organizations.

On Thu, December 6, 2007 6:17 am, 11ack3r wrote:
Hi,

Is there a security criterion or matrix against which we could grade a
customer's pen test results? Like assigning them a grade from A to E
or 1 to 10.

*.*

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




-- 
Benjamin Tomhave, MS, CISSP
falcon () secureconsulting net
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/

"We must scrupulously guard the civil liberties of all citizens, whatever
their background. We must remember that any oppression, any injustice, any
hatred is a wedge designed to attack our civilization."
-President Franklin Delano Roosevelt

