On 24/12/2005, at 7:14 AM, Ivan Arce wrote:
I would summarize (from a provider's perspective) the msot important
things as follows:
- A well-defined defined scope
- A well-prepared action plan including all the relevant points of
contact with the customer and an agreed-upon way to communicate with
them. They should be aware that the assessment will take place during
weeks X-Y and they'll need to get involved.
- A precise timeframe and work schedule.
- A follow-up plan to act on the results.
Hi,
I agree with Ivan's points here. These kinds of issues occur so
regularly for us with clients that we put a presentation together to
illustrate how mistakes cost them money and review opportunity:
http://www.assurance.com.au/resources/presentations/Maximizing-the-
benefits-of-VA.pdf
Our point is that the last thing we want is for these kinds of
mistakes to prevent more thorough assessment from occurring. It's
their resources (money, time) that's being wasted.
regards,
Neal
___________
Neal Wise CISSP CISA - neal.wise[at]assurance.com.au
PGP: 1DAA 1F81 EE57 F975 BA41 5BBA 7C38 F9F0 522D F20E
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
