Penetration Testing mailing list archives

Re: Pen Test and Sec Org

From: Joshua Gimer <jgimer () gmail com>
Date: Mon, 5 May 2008 16:07:33 -0600

I think that this really has to do with what is driving the securityneed in the organization. In my case there is a great regulatory need,that is why this office is the authority for the organization. If youwere a hosting provider, then there would be more of an IT Securityneed because the majority of the security functions performed are atthe technical level.

There is no real wrong way to do this; just determine who thestakeholders are, and call a meeting.


Joshua Gimer

On May 5, 2008, at 3:54 AM, Soso Aboso wrote:

I am also very interseting on how to split the rsponsibilities

----- Original Message ----
From: Soso Aboso <sosokkam () yahoo com>
To: pen-test () securityfocus com
Sent: Monday, May 5, 2008 12:26:01 PM
Subject: Pen Test and Sec Org

Greetings,
In the organization I work for there are two security team, one withenterprise role “Information Security” and their mean focus ongovernance, awareness, and risk assessment. The second team is forIT “IT Security” and their mean focus on IT security projects andmanaging the security Devices. The question I have, did any of youcame through such organization structure, is it recommended, whatstandards support such security organization, who should be theowner of penetration tests in such organization?
Thanks you in advance for your feedback

Regards
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

Pen Test and Sec Org Soso Aboso (May 05)
- Re: Pen Test and Sec Org Joey Peloquin (May 06)
- Re: Pen Test and Sec Org DaKahuna (May 06)
- <Possible follow-ups>
- Re: Pen Test and Sec Org Soso Aboso (May 05)
  - Re: Pen Test and Sec Org Joshua Gimer (May 06)
  - RE: Pen Test and Sec Org Justin Townsend (May 06)