Re: Pen Test and Sec Org
- From: Joshua Gimer <jgimer@xxxxxxxxx>
- Date: Mon, 5 May 2008 16:07:33 -0600
I think that this really has to do with what is driving the security need in the organization. In my case there is a great regulatory need, that is why this office is the authority for the organization. If you were a hosting provider, then there would be more of an IT Security need because the majority of the security functions performed are at the technical level.
There is no real wrong way to do this; just determine who the stakeholders are, and call a meeting.
Joshua Gimer
On May 5, 2008, at 3:54 AM, Soso Aboso wrote:
I am also very interseting on how to split the rsponsibilities
----- Original Message ----
From: Soso Aboso <sosokkam@xxxxxxxxx>
To: pen-test@xxxxxxxxxxxxxxxxx
Sent: Monday, May 5, 2008 12:26:01 PM
Subject: Pen Test and Sec Org
Greetings,
In the organization I work for there are two security team, one with enterprise role “Information Security” and their mean focus on governance, awareness, and risk assessment. The second team is for IT “IT Security” and their mean focus on IT security projects and managing the security Devices. The question I have, did any of you came through such organization structure, is it recommended, what standards support such security organization, who should be the owner of penetration tests in such organization?
Thanks you in advance for your feedback
Regards
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- Re: Pen Test and Sec Org
- From: Soso Aboso
- Re: Pen Test and Sec Org
- Prev by Date: RE: Fwd: Terminal services and remote programs.
- Next by Date: Re: difference between Stager and Inline payloads
- Previous by thread: Re: Pen Test and Sec Org
- Next by thread: RE: Pen Test and Sec Org
- Index(es):
Relevant Pages
|
