
Penetration Testing mailing list archives

Re: mapping vulnerabilities into high medium low risk
From: "Meritt James" <meritt_james () bah com>
Date: Fri, 19 Sep 2003 10:03:16 -0400

Concur.  It is a risk to them.  They know their resources and the value
they give them much more than you do.

I had a meeting with clients that went on for hours going over and over
this exact point.  Present your default position and let them
reword/rework as they see fit.  If you get their buy-in first, the
results will be much more acceptable.


Omar Herrera wrote:

This is the best approach in my opinion; let the client decide what is
high, medium or low for him, because, no matter how much we know about
security, clients will always know their business better.

James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
