Pentest Criteria



Hey guys,

Another question for you. Usually when we do pentests for our clients we
report our findings and recommendations. We've never had to report the
criteria our findings/vulnerabilities are based on as well. By criteria
I mean industry standards or best practices, e.g., NIST 800_53, CoBIT,
etc.

What if a client wants criteria reported as well. I'm not sure if there
is one I can use without running the risk of it being too far removed.
Is there a frame work or best practice which lends itself to pentests?
Or do I have to try to layer NIST on top of it

Thoughts?

Thanks guys.

Kurt M. John, CISA, C¦EH, CPT

Sent from my HTC on the Now Network from Sprint!



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Selecting Records to Print Based on Criteria
    ... I double-clicked on a report selector to open ... parameters that have nothing to do with criteria. ... one called Clients and one called Invoices. ...
    (microsoft.public.access.reports)
  • Re: Conditional Formatting on client
    ... If I take a front end DB with this report and put it on a shared drive (the ... 2003, 2007) and all of the criteria work, all of the formatting works ... Open it on the shared drive with these two specific Access 2003 clients ... and none of the criteria work. ...
    (microsoft.public.access.reports)
  • Re: Selecting Records to Print Based on Criteria
    ... >> is a lot easier for selecting criteria to print than ... I tried to build a query ... one called Clients and one called ... >> I want a report that will print ...
    (microsoft.public.access.reports)
  • Re: using a form with combo box to input criteria
    ... Candia Computer Consulting - Candia NH ... When you removed the criteria, ... Then your criteria in the query would be... ... query behind your main report. ...
    (microsoft.public.access.forms)
  • Re: using a form with combo box to input criteria
    ... Candia Computer Consulting - Candia NH ... When you removed the criteria, ... Then your criteria in the query would be... ... query behind your main report. ...
    (microsoft.public.access.forms)