RE: Business justification for pentesting

From: Vic N (vic778@hotmail.com)
Date: Wed Aug 31 2005 - 19:03:43 EDT


For Visa / MC PCI 1.0 specification (requirement 11.3), an annual pen test
of network infrastructure and applications must take place once a year
w/remediation.

www.visa.com/cisp (see PCI data security standard)

>hi all,
>
>a few classic questions that I would appreciate any answers for.
>1- I would like to briefly know how to quantify information assets. In
>other words, I hear a pentester say: if a hacker breaks into your network, you
>will lose up to 40000$ for example. How can he come up with such figures?
>
>2- are there any other means to justify pentesting for management except
>for $$$?
>
>3- are there any official statistics, figures etc. for justifying
>pentesting? The more official it is the better.
>
>4- any other information you guys might find helpful in justifying a
>pentest would be appreciated.
>
>thanks in advance for your help.
>
>T.N
>
