Re: Gartner's Security 3.0

From: pkc_mls <pkc_mls@xxxxxxxx>
Date: Thu, 18 Oct 2007 12:10:30 +0200

M.B.Jr. a écrit :

Pentesters,

Gartner's recently -- during its 2007 IT Security Summit -- released
it's new corporative Information Security approach, named "Security
3.0".
Basically, it suggests that 8 percent (and no less whatsoever than 5%)
of the companies' IT budget be focused on security.

It is something no doubt but personally I think it could be more, say 10%.

Hi,

just a french example (please take some time before bashing).

there was a huge fire in a bank in paris in the 90s, and after this event all banks started to think about disaster recovery.

for the security, as some other already answered, it depends on how sensitive is the IT or the global management to security.

if some friend already has an issue with security, or if they had a phishing problem with lot of money involved, I think they'll
think more about security.

for some companies, it's also part of their job to have the network secured so they can sell their products (pills or medicine
for example).

then, you can even invest 20, 30 % to security, if the goal is only to put the latest firewall and never watch the log, perhaps
the investment doesn't matter.

IMHO the hardest part is to maintain a good level of security (everyone knows that as soon as you are connected to a network,
you cannot be a 100% secure) as your network is always modified.

The thing is:
how are you, as a pentester, feeling such, concerning your incomes?

Yours faithfully,

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Follow-Ups:
- Re: Gartner's Security 3.0
  - From: M.B.Jr.
- Re: Gartner's Security 3.0
  - From: Guilaume Vissian

References:
- Gartner's Security 3.0
  - From: M.B.Jr.

Prev by Date: Re: Executing PHP Code from MSSQL table
Next by Date: Re: Directory Transversal
Previous by thread: Re: Gartner's Security 3.0
Next by thread: Re: Gartner's Security 3.0
Index(es):
- Date
- Thread

Relevant Pages

Behind the Shield, July 2004
... Read on to learn how Guardian Digital is currently supplying network security ... Stock Exchange with Secure Internet ... patch management has become exponentially important to the ...
(comp.os.linux.misc)
Behind the Shield, July 2004
... Read on to learn how Guardian Digital is currently supplying network security ... Stock Exchange with Secure Internet ... patch management has become exponentially important to the ...
(comp.os.linux)
Behind the Shield, July 2004
... Read on to learn how Guardian Digital is currently supplying network security ... Stock Exchange with Secure Internet ... patch management has become exponentially important to the ...
(comp.os.linux.security)
Re: Silly network question : communicating between 2 remote machines
... Ok, first security. ... Having secure comms means nothing if either end of the ... Check the machines on your network are clean. ... PPTP, point to point. ...
(alt.os.linux.suse)
Re: Ten least secure programs
... it's probably better you leave the topic alone ... I said I do not have security issues with the programs I code. ... I didn't realize you were a Linux user, ... > the most widely used and secure UNIX flavors? ...
(Security-Basics)