From: Benjamin Tomhave (list-procurare@secureconsulting.net)
Date: Thu Dec 06 2007 - 15:34:53 EST
There's a variety of techniques for this. Generally, it's best to just
compare scores internally over time. NSA IEM has a repeatable method for
doing this. Alternatively, one can adopt a security maturity model (such
as SSE-CMM) and use that to compare maturity against other organizations.
On Thu, December 6, 2007 6:17 am, 11ack3r wrote:
> Hi,
>
> Is there a security criteria or matrix against which we could grade
> customer's pen test results? Like assigning them grade between A to E
> or 1 to 10.
>
> *.*
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
--
Benjamin Tomhave, MS, CISSP
falcon@secureconsulting.net
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/

"We must scrupulously guard the civil liberties of all citizens, whatever their background. We must remember that any oppression, any injustice, any hatred is a wedge designed to attack our civilization." -President Franklin Delano Roosevelt
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:14 EDT