Penetration Testing: RE: Business justification for pentesting

["Vic N" <vic778 () hotmail com>]

For Visa / MC PCI 1.0 specification (requirement 11.3), an annual pen test 
of network infrastructure and applications must take place once a year 
w/remediation.
www.visa.com/cisp (see PCI data security standard)

> hi all,
>
> a few classic question that i would appriciate any answers for.
> 1- i would like to briefly know how to quantify information assets. In 
> other words, i hear a pentester say: if a hacker breaks in ur network, u 
> will loose up to 40000$ for example. how can he come up with such figures?
> 2- are there any other means to justify pentesting for management except 
> for $$$?
> 3- are there any official statistics, figures etc. for justifying 
> pentesting. ther more official it is the better.
> 4- any other information you guys might find helpful in justifying a 
> pentest would be appriciated.
> thnx in advance for ur help.
>
> T.N


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------