mailing list archives
Re: [PEN-TEST] Evaluating Auditors Abilities
From: David Hopkins <David () COMPUSA COM>
Date: Thu, 7 Sep 2000 14:57:34 -0500
I'd be alittle leary using Auditors for Penetrations anyway, I'd opt
more for a Security Consulting firm that specializes in Penetrations and
who will gladly offer references since it's their livelihood. They may
even do a limited scope "freebie" to show what they can offer and they
should be able to thoroughly explain their results, if they can't you
don't have to go any further and you're not out any $.
David Hopkins, CISSP
CompUSA IT Security Manager
From: Emeigh, Mike [mailto:piratefan1 () MINDSPRING COM]
Sent: Thursday, September 07, 2000 12:53 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Evaluating Auditors Abilities
How can companies decide which auditors really do a decent job
and are worth their value ?
I'd first ask the auditors to provide references, and then
contact those companies. If the auditors aren't willing to
provide references, I'd be suspicious.
piratefan1 () mindspring com