Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Pen Test and Sec Org

Re: Pen Test and Sec Org

From: Joshua Gimer <jgimer_at_gmail.com>
Date: Mon, 5 May 2008 16:07:33 -0600

I think that this really has to do with what is driving the security
need in the organization. In my case there is a great regulatory need,
that is why this office is the authority for the organization. If you
were a hosting provider, then there would be more of an IT Security
need because the majority of the security functions performed are at
the technical level.

There is no real wrong way to do this; just determine who the
stakeholders are, and call a meeting.

Joshua Gimer

On May 5, 2008, at 3:54 AM, Soso Aboso wrote:

> I am also very interseting on how to split the rsponsibilities
>
> ----- Original Message ----
> From: Soso Aboso <sosokkam_at_yahoo.com>
> To: pen-test_at_securityfocus.com
> Sent: Monday, May 5, 2008 12:26:01 PM
> Subject: Pen Test and Sec Org
>
> Greetings,
>
> In the organization I work for there are two security team, one with
> enterprise role “Information Security” and their mean focus on
> governance, awareness, and risk assessment. The second team is for
> IT “IT Security” and their mean focus on IT security projects and
> managing the security Devices. The question I have, did any of you
> came through such organization structure, is it recommended, what
> standards support such security organization, who should be the
> owner of penetration tests in such organization?
>
> Thanks you in advance for your feedback
>
> Regards
>
>
>
>
> ____________________________________________________________________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
>
>
>
> ____________________________________________________________________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Received on May 06 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]