Penetration Testing mailing list archives
Re: Security Grade
From: "Benjamin Tomhave" <list-procurare () secureconsulting net>
Date: Thu, 6 Dec 2007 15:34:53 -0500 (EST)
There's a variety of techniques for this. Generally, it's best to just compare scores internally over time. NSA IEM has a repeatable method for doing this. Alternatively, one can adopt a security maturity model (such as SSE-CMM) and use that to compare maturity against other organizations. On Thu, December 6, 2007 6:17 am, 11ack3r wrote:
Hi, Is there a security criteria or matrix against which we could grade customer's pen test results? Like assigning them grade between A to E or 1 to 10. *.* ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- Benjamin Tomhave, MS, CISSP falcon () secureconsulting net Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ "We must scrupulously guard the civil liberties of all citizens, whatever their background. We must remember that any oppression, any injustice, any hatred is a wedge designed to attack our civilization." -President Franklin Delano Roosevelt ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Security Grade 11ack3r (Dec 06)
- Re: Security Grade JD Lampard (Dec 10)
- Re: Security Grade Ed Fuller (Dec 12)
- Re: Security Grade dave-san (Dec 10)
- RE: Security Grade Malhoit, Lauren (Dec 10)
- Re: Security Grade Benjamin Tomhave (Dec 10)
- Re: Security Grade Eddie Block (Dec 10)
- Re: Security Grade Francois Larouche (Dec 12)
- Re: Security Grade Eddie Block (Dec 12)
- Re: Security Grade Francois Larouche (Dec 13)
- Re: Security Grade Pete Herzog (Dec 13)
- Re: Security Grade Francois Larouche (Dec 12)
- Re: Security Grade Stephen Strange (Dec 12)
- Re: Security Grade JD Lampard (Dec 10)
- <Possible follow-ups>
- Re: Security Grade lauren . malhoit (Dec 10)
- Re: Re: Security Grade cwright (Dec 12)