Business justification for pentesting

sectraq_at_gmail.com
Date: 08/30/05

  • Next message: Lachniet, Mark: "Has anyone used the ScanAlert.com service?" 
    Date: 30 Aug 2005 16:29:35 -0000
To: pen-test@securityfocus.com
    ('binary' encoding is not supported, stored as-is) hi all,

    a few classic question that i would appriciate any answers for.
    1- i would like to briefly know how to quantify information assets. In other words, i hear a pentester say: if a hacker breaks in ur network, u will loose up to 40000$ for example. how can he come up with such figures?

    2- are there any other means to justify pentesting for management except for $$$?

    3- are there any official statistics, figures etc. for justifying pentesting. ther more official it is the better.

    4- any other information you guys might find helpful in justifying a pentest would be appriciated.

    thnx in advance for ur help.

    T.N
     

  • Next message: Lachniet, Mark: "Has anyone used the ScanAlert.com service?"