From: Paul Melson (pmelson@gmail.com)
Date: Wed Jan 31 2007 - 15:26:51 EST
> what do you mean by "what the *company* is doing, not what the users are
doing."
>
> We have policy in place however my purpose of pen testing the user
community is to justify initial
> training cost/time. After training has taken place run similar test and
compare the results to see if
> the training is effective.
That's what I meant - using it as a tool to see how well things like
policies and training are working in your company. Your results should be
focused on how well employees follow the policy, not whether or not they are
savvy enough to avoid being scammed.
PaulM
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:34 EDT