Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Security Grade

from [Ed Fuller] Network Security [Permanent Link]
Subject: Re: Security Grade
Date: Mon, 10 Dec 2007 18:37:32 -0700 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you are looking for a good way to score the results, I recommend
(with bias) the NSA IEM. It is flexible for any organization and can be
used no matter the scope.  It is also a great mechanism for scoring
findings from all three areas, Management, Operational, and Technical.

                        Ed Fuller, CISSP, IEM, IAM
COO/Principal                                  ed@securityhorizon.com
Phone: 719-488-4500                    http://www.securityhorizon.com
FAX: 719-268-1709                                      Copyright 2007
Cell: 719-659-8195
                           Security Horizon, Inc
                "Your global information security experts"


JD Lampard wrote:

A points system is what I use... 0 (worst) - 10
(best).  Then a overall percentage is given which
helps people put the score into perspective easily. 
However, this can also be misleading... let's say test
by test you get 10 except for a couple tests for
router, firewall, and IDS for which you get very bad
scores.  Looking at the overall score gives a false
sense of security to the casual reporter reader.

Hope this helps.

--- 11ack3r <11ack3r@gmail.com> wrote:


Hi,

Is there a security criteria or matrix against which
we could grade
customer's pen test results? Like assigning them
grade between A to E
or 1 to 10.

*.*



------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE
today!

http://www.cenzic.com/downloads


------------------------------------------------------------------------






      
____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHXencg99bUKUEkroRAvObAJ9II/VtRlNYVCLPT7wKdHUPVCmr8QCg8EuU
JyJlpqGAgl1EksWq23Gq6/I=
=fnF9
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Unicornscan - New Version (0.4.7) Released, Sol_Invictus
Next by Date:  Re: Pointers to Free Web Vulnerability Scanners for Blackbox testing, Serg B
Previous by Thread:  Re: Security Grade, JD Lampard
Next by Thread:  Re: Security Grade, dave-san
Indexes:  [Date] [Thread] [Top] [All Lists]