Re: Gartner's Security 3.0

From: M.B.Jr. (marcio.barbado@gmail.com)
Date: Tue Oct 23 2007 - 10:40:41 EDT


Dear Guilaume Vissian,

On 10/19/07, Guilaume Vissian <somebodyishere@gmail.com> wrote:
> Hi,
>
> To follow with a French example... You were talking about network
> security, but there is more than that; in my mind the IT security
> audit also has to include environmental things such as: management,
> organisation, and people. Don't forget the Mitnick example: this guy
> used social engineering a lot! So the French government found an
> answer to that by establishing ISO 27001, but in my mind social
> engineering is not really audited yet.

The ISO/IEC 27000 series is pretty complete; it also covers some of
human nature's weak points, as it implies a PDCA approach to corporate
infosec.
Our market scene, as it is, leads to services more than products,
which is good for network audit professionals.

> Otherwise, discussing economics, there are one or two products on the
> market which will audit a network and, following the information
> given, will show you the amount of money that you may lose if a part
> of the network or a single server fails... Such a product may answer
> your problem. I can't remember the name of the product, but I remember
> that they are expensive; now it is also your choice.... whether you
> want to spend less money on your coffee and more on your security or
> not... ;0)
> Finally, it is true that presently the full audit (I mean economy +
> management + network + ....) is not proposed by companies as one
> audit but as multiple types of audit....
>
> Best regards
>
> Le 18 oct. 07 à 12:10, pkc_mls a écrit :
>
> > M.B.Jr. a écrit :
> >> Pentesters,
> >>
> >> Gartner recently -- during its 2007 IT Security Summit -- released
> >> its new corporate information security approach, named "Security
> >> 3.0".
> >> Basically, it suggests that 8 percent (and in no case less than
> >> 5%)
> >> of companies' IT budget be focused on security.
> >>
> >> It is something, no doubt, but personally I think it could be more,
> >> say 10%.
> >>
> > Hi,
> >
> > Just a French example (please take some time before bashing).
> >
> > There was a huge fire in a bank in Paris in the 90s, and after this
> > event all banks started to think about disaster recovery.
> >
> > For security, as some others already answered, it depends on how
> > sensitive the IT or the global management is to security.
> >
> > If some friend already had an issue with security, or if they had a
> > phishing problem with a lot of money involved, I think they'll
> > think more about security.
> >
> > For some companies, it's also part of their job to have the network
> > secured so they can sell their products (pills or medicine,
> > for example).
> >
> > Then, you can even invest 20 or 30% in security; if the goal is only
> > to put in the latest firewall and never watch the logs, perhaps
> > the investment doesn't matter.
> >
> > IMHO the hardest part is to maintain a good level of security
> > (everyone knows that as soon as you are connected to a network,
> > you cannot be 100% secure) as your network is always being modified.
> >> The thing is:
> >> how do you, as a pentester, feel about this, concerning your income?
> >>
> >>
> >> Yours faithfully,
> >>
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------
> >
>

-- 
Marcio Barbado, Jr.
==============
==============
"In fact, companies that innovate on top of open standards are
advantaged because resources are freed up for higher-value work and
because market opportunities expand as the standards proliferate."
Scott Handy
Vice President Worldwide Linux and Open Source, IBM


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:10 EDT