Thought I would post a question here, nessus related -- kinda OT. Would
like any appropriate feedback ...
If someone is drawing up a vulnerability and "costs of fixing this network"
document; am I overlooking associated costs with securing a network using
Nessus?
1. Accept the risk
costs: (potential) legal, downtime, publicity
2. Use Nessus to figure out the vulnerabilities
costs: build nessus box, install + update, policy creation for
scans, scan times, scan reviews, vulnerability research, patch research,
patch install, administrative red tape
