|
Penetration Testing
mailing list archives
RE: Testing the user community
From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 31 Jan 2007 15:26:51 -0500
what do you mean by "what the *company* is doing, not what the users are
doing."
We have policy in place however my purpose of pen testing the user
community is to justify initial
training cost/time. After training has taken place run similar test and
compare the results to see if
the training is effective.
That's what I meant - using it as a tool to see how well things like
policies and training are working in your company. Your results should be
focused on how well employees follow the policy, not whether or not they are
savvy enough to avoid being scammed.
PaulM
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- Re: Testing the user community, (continued)
| 
Intro
