Re: SME risk assessment (Was: Bank Assessment)
From: fergus (fergus_at_cobbled.net)
Date: 04/26/04
- Previous message: CHEN, Chuan: "Application Level Pen Test"
- In reply to: miguel.dilaj_at_pharma.novartis.com: "Re: SME risk assessment (Was: Bank Assessment)"
- Next in thread: Max: "Re: Bank Assessment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 26 Apr 2004 21:13:42 +0100 To: pen-test@securityfocus.com
On 26.04-17:24, miguel.dilaj@pharma.novartis.com wrote:
[ ... ]
> The risk of being blamed for hacking activities, DoS, storing child porn,
> etc., have to be considered as well, and absolutely every individual and
> company out there is exposed to that if someone can compromise their
> systems. The publicity impact can be also very serious.
>
> I can perfectly understand your recent discussion if we don't take into
> account the above, and I tend to agree with you (if I understood you
> correctly). Both of you are partially right.
it's not an issue of correctness or methodology it
is a question of politics - or more specifically
perceived risk.
i run a small business for small businesses. it
includes security auditing (as well as other
services). if i produce a report that doesn't fit
on a stick-it note then it better be critical -
and more importantly - perceived as such; at least
by the end of a short discussion.
n.b: critical ~ make/save money
why? small business is _all_ about priorities. and
mainly short term priorities. other things are
basically overheads (of time, money and probably
both) to be avoided at all costs.
n.b: priorities ~ cash flow
if security fits on that list they're probably
selling it.
hey - i'm not saying this is universal, i'm just
saying don't jump in too deep. i've done it - it
will only get returns in very specific cases (of
which i've yet to come across).
good luck,
-- : fergus cameron : [ .] cobbled : : ^^^^^^@cobbled.net : [ ~][ ] .net : ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
- Previous message: CHEN, Chuan: "Application Level Pen Test"
- In reply to: miguel.dilaj_at_pharma.novartis.com: "Re: SME risk assessment (Was: Bank Assessment)"
- Next in thread: Max: "Re: Bank Assessment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
