Re: mapping vulnerabilities into high medium low risk

From: Meritt James (meritt_james@bah.com)
Date: Fri Sep 19 2003 - 10:03:16 EDT


Concur. It is a risk to them. They know their resources and the value
they give them much more than you do.

I had a meeting with clients that went on for hours going over and over
this exact point. Present your default position and let them
reword/rework as they see fit. If you get their buy-in first, the
results will be much more acceptable.

Jim

Omar Herrera wrote:
>
> This is the best approach in my opinion; let the client decide what is
> high, medium or low for him, because, no matter how much we know about
> security, clients will always know their business better.

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT