Penetration Testing mailing list archives
Re: mapping vulnerabilities into high medium low risk
From: "Meritt James" <meritt_james () bah com>
Date: Fri, 19 Sep 2003 10:03:16 -0400
Concur. It is a risk to them. They know their resources and the value they give them much more than you do. I had a meeting with clients that went on for hours going over and over this exact point. Present your default position and let them reword/rework as they see fit. If you get their buy-in first, the results will be much more acceptable.

Jim

Omar Herrera wrote:
> This is the best approach in my opinion; let the client decide what is high, medium or low for him, because, no matter how much we know about security, clients will always know their business better.
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566