Educause Security Discussion
mailing list archives
Re: Penetration Testing
From: Willis Marti <wmarti () TAMU EDU>
Date: Wed, 19 Dec 2012 08:58:44 -0600
Do you actually mean "penetration testing" or do you really
want a vulnerability assessment? Or just an external vulnerability scan?
LOTS of folk will do a Nessus-like scan, possibly rating the vulnerabilities
high/medium/low, but very few will go further and say "your security
status is passing/failing".
I don't think "zero defects" is reasonable for higher ed; we're not a bank or
military facility. Our job is to distribute information.
So what do you really want?
----- Original Message -----
Does anyone have any recommendations for companies that do
penetration testing? We are considering bringing in an outside company to do
penetration testing on Lehigh's systems and network and would like someone with
experience in the higher ed domain. Reply here or off-line if you prefer.
Director and CISO
Networking and Information Security
Texas A&M University