While I agree with the thrust of this article, the fact is that much of the complexity is there because without it, many would not accept that the risks exist.
Yes, it is critical that an organization also receive some guidance about how to prioritize the risks and remediate them, but if organizations insist on not maintaining FTEs or consultants who can provide that information/guidance, and they don't seek a qualified security vendor to partner with to obtain said information/guidance, is the problem really the size or complexity of the penetration testing report? * * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Apr 3, 2012 at 9:31 AM, Kennedy, Jim <[email protected]>wrote: > I’ve seen it, my kid wrote it. J**** > > ** ** > > He is currently ripping on the industry pen test standards, much as you > were last week.**** > > ** ** > > > http://searchsecurity.techtarget.com/news/2240147882/Expert-advocates-for-more-effective-pen-tests-less-complex-security > **** > > ** ** > > ** ** > > *From:* Ziots, Edward [mailto:[email protected]] > *Sent:* Tuesday, April 03, 2012 9:28 AM > > *To:* NT System Admin Issues > *Subject:* RE: OT: Favour to ask**** > > ** ** > > Take a look at the social engineers toolset, its pretty amazing what you > can do with those tools, to test how well your users are equipped against > social engineering threats. **** > > ** ** > > EZ**** > > ** ** > > Edward Ziots**** > > CISSP, Security +, Network +**** > > Security Engineer**** > > Lifespan Organization**** > > [email protected]**** > > ** ** > > *From:* Kennedy, Jim [mailto:[email protected]] > *Sent:* Monday, April 02, 2012 4:08 PM > *To:* NT System Admin Issues > *Subject:* RE: OT: Favour to ask**** > > ** ** > > Yes, we all should have sandboxes for this kind of thing.**** > > ** ** > > *From:* Cameron [mailto:[email protected]<[email protected]>] > > *Sent:* Monday, April 02, 2012 4:05 PM > *To:* NT System Admin Issues > *Subject:* Re: OT: Favour to ask**** > > ** ** > > Andrew...you are of course correct! Thankfully we are not our end-users! > LOL!**** > > On Mon, Apr 2, 2012 at 3:08 PM, Andrew S. Baker <[email protected]> wrote: > **** > > Isn't this the sort of thing we teach our end-users not to fall for in an > effort to avoid social engineering issues? **** > > > Why would we undermine our own education in this arena? > **** > > *ASB***** > > *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > ** ** > > On Mon, Apr 2, 2012 at 2:53 PM, Cameron <[email protected]> wrote:* > *** > > Good afternoon all!**** > > **** > > I have a favour to ask for my 2nd cousin Heather. She and some class mates > have done an assignment for her Cardiology Final (she is pre-med) as a > youtube presentation. The information is real, and they came up with a > fictional newscast channeling Chalies' Angles. The information is a real > study and the athlete in it is her boyfriend. The number of hits is going > to determine their grade.**** > > **** > > I would really appreciate it if you could just *hit* the video (you don't > need to watch it!).**** > > **** > > http://www.youtube.com/watch?v=H3TD98qRPAM&feature=youtu.be **** > > **** > > Thanks as always!**** > > Cameron**** > > ** ** > > > ** > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
