Re: Security Grade
- From: Ed Fuller <ed@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 10 Dec 2007 18:37:32 -0700
If you are looking for a good way to score the results, I recommend
(with bias) the NSA IEM. It is flexible for any organization and can be
used no matter the scope. It is also a great mechanism for scoring
findings from all three areas, Management, Operational, and Technical.
Ed Fuller, CISSP, IEM, IAM
COO/Principal ed@xxxxxxxxxxxxxxxxxxx
Phone: 719-488-4500 http://www.securityhorizon.com
FAX: 719-268-1709 Copyright 2007
Cell: 719-659-8195
Security Horizon, Inc
"Your global information security experts"
JD Lampard wrote:
A points system is what I use... 0 (worst) - 10
(best). Then an overall percentage is given which
helps people put the score into perspective easily.
However, this can also be misleading... let's say test
by test you get 10 except for a couple of tests for
router, firewall, and IDS for which you get very bad
scores. Looking at the overall score gives a false
sense of security to the casual report reader.
Hope this helps.
--- 11ack3r <11ack3r@xxxxxxxxx> wrote:
Hi,
Are there security criteria or a matrix against which
we could grade a customer's pen test results? Like
assigning them a grade between A and E or 1 to 10.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
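As an added illustration of the averaging pitfall JD describes (example code, not from any poster on the thread; the test names, scores, the set of "critical" controls and the A-E thresholds are all constructed), a small scorer that computes the plain overall percentage next to one capped by the worst critical-control score:

```python
"""Per-test pen-test scoring on a 0 (worst) to 10 (best) scale.

Shows how a plain overall percentage can hide very bad scores on a few
critical controls, and one way to produce a grade that does not.
"""
from statistics import mean

# Constructed sample: twelve tests scored 10, three critical ones scored badly.
SAMPLE_SCORES = {name: 10 for name in (
    "workstation patching", "server patching", "password policy",
    "account lockout", "web app input validation", "session handling",
    "wireless", "physical access", "backup restore", "logging",
    "email filtering", "VPN configuration")}
SAMPLE_SCORES.update({"router": 2, "firewall": 1, "IDS": 2})

# Constructed: controls whose failure should cap the overall grade.
CRITICAL = {"router", "firewall", "IDS"}


def overall_percentage(scores):
    """Plain average of all tests as a percentage (the misleading number)."""
    return round(100 * mean(scores.values()) / 10, 1)


def gated_percentage(scores, critical=CRITICAL):
    """Overall percentage capped at the worst critical control's score.

    A firewall scoring 1/10 therefore caps the whole report at 10%.
    """
    worst_critical = min(s for t, s in scores.items() if t in critical)
    return min(overall_percentage(scores), worst_critical * 10)


def letter_grade(pct):
    """Map a percentage to A-E using constructed thresholds."""
    for letter, floor in (("A", 90), ("B", 80), ("C", 70), ("D", 60)):
        if pct >= floor:
            return letter
    return "E"


def report(scores, critical=CRITICAL):
    """Return (plain_pct, gated_pct, low_scoring_tests) for the summary."""
    low = sorted(t for t, s in scores.items() if s <= 3)
    return overall_percentage(scores), gated_percentage(scores, critical), low


if __name__ == "__main__":
    plain, gated, low = report(SAMPLE_SCORES)
    print(f"plain: {plain}% ({letter_grade(plain)})  "
          f"gated: {gated}% ({letter_grade(gated)})  low: {low}")
```

With the constructed sample the plain average reads 83.3% (a B) while the gated figure is 10% (an E), and the summary names the three tests that pulled it down.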