From: Davi Ottenheimer (DaviO@westmarine.com)
Date: Mon Mar 07 2005 - 11:45:12 EST
It helps to be extremely familiar with the organization and understand how they rate/value their assets. That will bridge your vulnerability reports to their strategic view of risk, as well as day-to-day processes. Understanding the relevant compliance and regulatory issues will also help, as you can show that specific vulnerabilities translate into real penalties for non-compliance. In other words, if your client is a hospital, then your investigation and scanning should be at least able to demonstrate familiarity with patient confidentiality, and critical system availability, etc. as well as the Health Insurance Portability and Accountability Act of 1996 (HIPPA)...
>>> Dan Rogers <pentestguy@gmail.com> 03/05/05 08:05AM >>>
[...]
So how do you lot approach testing a lage network? Also, how do you
decide what to report to the client on?
Cheers
Dan
************************************************************************************************
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or the
sender immediately and do not disclose the contents to anyone or make copies.
This email was scanned for viruses, vandals and malicious content.
via mail3.westmarine.com
*************************************************************************************************
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT