Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Evaluating Auditors Abilities
From: topher hughes <thughes () CISCO COM>
Date: Thu, 7 Sep 2000 18:07:16 -0500

Actually, just to offer a counter-view, we (Cisco) don't provide
references. Think about it - there is still a perception in a large part
of the general populace that if you've had an audit performed recently,
there must be something wrong...you were hacked, you were about to be
hacked, etc. We also want to abide by any confidentiality agreements in
place as well.

I definitely agree that one of the best things to do as a customer is to
have your technical people talk to the actual assessors, and make sure
they have a clue.

*shrug* just a comment.

                                                        --topher

"Emeigh, Mike" wrote:

Derrick wrote:

(snip)

How can companies decide which auditors really do a decent job
and are worth their value ?

I'd first ask the auditors to provide references, and then
contact those companies. If the auditors aren't willing to
provide references, I'd be suspicious.

Mike Emeigh
piratefan1 () mindspring com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]