Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: mapping vulnerabilities into high medium low risk
From: "Meritt James" <meritt_james () bah com>
Date: Fri, 19 Sep 2003 10:03:16 -0400

Concur.  It is a risk to them.  They know their resources and the value
they give them much more than you do.

I had a meeting with clients that went on for hours going over and over
this exact point.  Present your default position and let them
reword/rework as they see fit.  If you get their buy-in first, the
results will be much more acceptable.

Jim

Omar Herrera wrote:

This is the best approach in my opinion; Let the client decide what is
high, medium or low for him, because, now matter how much we know about
security, clients will always know their business better.


-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL 
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment 
technology powered by the award-winning FoundScan engine. Try it free for  21 days at: 
http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]