From: Brahman Thiyagalingham (adsl5rlp@tpg.com.au)
Date: Sat Jun 11 2005 - 19:19:54 EDT
Hi all,
my take on this situation is that Scenario A will have the
most usefulness to the company because it allows them to implement a
cost effective security solution based on organisational risk rather
than simply putting in something based on the reccomendation of a
consultant.
This is my take on the matter and am happy to discuss this further with
anyone.
Regards
Brahman
brahmant@tpg.com.au
tarunthenut@gmail.com wrote:
>I was wondering the usefulness of a penetration testing against vulnerability assessment for a company.
>
>Scenario A
>Cosultant "A is employed to perform a vulnerability assessment and the result is tabulated based on the business risk these vulnerabilities pose.
>
>Scenario B
>Cosultant "B is employed to perform a Penetration Test, discovers 10 vulnerabilities and is able to show exploit of 5 vulnerabilities.
>
>Scenario C
>Cosultant "C" is employed to perform a Penetration Test, discovers 10 vulnerabilities and is able to show exploit of 7 vulnerabilities.
>
>Which scenario would have more usefulness to the company? it is ovbious that the result of a PT would depend and vary from skill of a consultant to another?
>
>
>
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:24 EDT