Pentest Criteria
- From: "Kurt M. John" <kurt.md.john@xxxxxxxxx>
- Date: Wed, 01 Sep 2010 15:42:08 -0400
Hey guys,
Another question for you. Usually when we do pentests for our clients we
report our findings and recommendations. We've never had to report the
criteria our findings/vulnerabilities are based on as well. By criteria
I mean industry standards or best practices, e.g., NIST 800-53, COBIT,
etc.
What if a client wants criteria reported as well? I'm not sure if there
is one I can use without running the risk of it being too far removed.
Is there a framework or best practice which lends itself to pentests?
Or do I have to try to layer NIST on top of it?
Thoughts?
Thanks guys.
Kurt M. John, CISA, C|EH, CPT
Sent from my HTC on the Now Network from Sprint!