mailing list archives
Re: [PEN-TEST] Evaluating Auditors Abilities
From: topher hughes <thughes () CISCO COM>
Date: Thu, 7 Sep 2000 18:07:16 -0500
Actually, just to offer a counter-view, we (Cisco) don't provide
references. Think about it - there is still a perception in a large part
of the general populace that if you've had an audit performed recently,
there must be something wrong...you were hacked, you were about to be
hacked, etc. We also want to abide by any confidentiality agreements in
place as well.
I definitely agree that one of the best things to do as a customer is to
have your technical people talk to the actual assessors, and make sure
they have a clue.
*shrug* just a comment.
"Emeigh, Mike" wrote:
How can companies decide which auditors really do a decent job
and are worth their value ?
I'd first ask the auditors to provide references, and then
contact those companies. If the auditors aren't willing to
provide references, I'd be suspicious.
piratefan1 () mindspring com