Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Business justification for pentesting
From: "Vic N" <vic778 () hotmail com>
Date: Wed, 31 Aug 2005 16:03:43 -0700

For Visa / MC PCI 1.0 specification (requirement 11.3), an annual pen test of network infrastructure and applications must take place once a year w/remediation.

www.visa.com/cisp (see PCI data security standard)

hi all,

a few classic question that i would appriciate any answers for.
1- i would like to briefly know how to quantify information assets. In other words, i hear a pentester say: if a hacker breaks in ur network, u will loose up to 40000$ for example. how can he come up with such figures?

2- are there any other means to justify pentesting for management except for $$$?

3- are there any official statistics, figures etc. for justifying pentesting. ther more official it is the better.

4- any other information you guys might find helpful in justifying a pentest would be appriciated.

thnx in advance for ur help.


Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]