Business justification for pentesting

From: sectraq@gmail.com
Date: Tue Aug 30 2005 - 12:29:35 EDT

• Next message: Lachniet, Mark: "Has anyone used the ScanAlert.com service?"
• Previous message: Marc.Werner@t-systems.com: "AW: Where are Windows "Enforce password history" passwords stored ?"
• Next in thread: William Tarkington: "RE: Business justification for pentesting"
• Maybe reply: William Tarkington: "RE: Business justification for pentesting"
• Reply: Omar A. Herrera: "RE: Business justification for pentesting"
• Reply: Adam Chesnutt: "Re: Business justification for pentesting"
• Maybe reply: Michael Scheidell: "RE: Business justification for pentesting"
• Reply: Lynx: "Re: Business justification for pentesting"
• Maybe reply: Ha, Jason: "RE: Business justification for pentesting"
• Reply: Irene Abezgauz: "Re: Business justification for pentesting"
• Reply: rmeijer@xs4all.nl: "Re: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Maybe reply: Leveque, Vincent E.: "Re: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Maybe reply: Steve Manzuik: "RE: Business justification for pentesting"
• Reply: Vic N: "RE: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Maybe reply: Michael Gargiullo: "RE: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

a few classic question that i would appriciate any answers for.
1- i would like to briefly know how to quantify information assets. In other words, i hear a pentester say: if a hacker breaks in ur network, u will loose up to 40000$ for example. how can he come up with such figures?

2- are there any other means to justify pentesting for management except for $$$?

3- are there any official statistics, figures etc. for justifying pentesting. ther more official it is the better.

4- any other information you guys might find helpful in justifying a pentest would be appriciated.

thnx in advance for ur help.

T.N
 

• Next message: Lachniet, Mark: "Has anyone used the ScanAlert.com service?"
• Previous message: Marc.Werner@t-systems.com: "AW: Where are Windows "Enforce password history" passwords stored ?"
• Next in thread: William Tarkington: "RE: Business justification for pentesting"
• Maybe reply: William Tarkington: "RE: Business justification for pentesting"
• Reply: Omar A. Herrera: "RE: Business justification for pentesting"
• Reply: Adam Chesnutt: "Re: Business justification for pentesting"
• Maybe reply: Michael Scheidell: "RE: Business justification for pentesting"
• Reply: Lynx: "Re: Business justification for pentesting"
• Maybe reply: Ha, Jason: "RE: Business justification for pentesting"
• Reply: Irene Abezgauz: "Re: Business justification for pentesting"
• Reply: rmeijer@xs4all.nl: "Re: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Maybe reply: Leveque, Vincent E.: "Re: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Maybe reply: Steve Manzuik: "RE: Business justification for pentesting"
• Reply: Vic N: "RE: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Maybe reply: Michael Gargiullo: "RE: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Maybe reply: Craig Wright: "RE: Business justification for pentesting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:48 EDT