From: johnny Mnemonic (security4thefainthearted@hotmail.com)
Date: Thu Mar 02 2006 - 07:06:25 EST
Hi
I'm interested in the group's feedback on the most accepted way to deliver a
final PT report to a client. Best practices indicate that reports are only
sent to a select group of people in each of the Red/White/blue teams, and
docs are sent via encrypted email and/or the document itself encrypted with
public/private keys exchanged at the start of the engagement. I've even
heard that sending electronic copies of the report is a no-no and only a
hardcopy should be couried. Could someone weight in on caveats and/or
industry standards for report delivery?
Also how would report delivery best practices from an internal pesting team
differ (if at all) from that of a third party consulting outfit.
Many thanks.
_________________________________________________________________
Find just what you are after with the more precise, more powerful new MSN
Search. http://search.msn.com.sg/ Try it now.
------------------------------------------------------------------------------
This List Sponsored by: Lancope
"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed
enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA)
and Response solution, leverages Cisco NetFlow to provide scalable,
internal network security.
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response
Systems in the Enterprise."
http://www.lancope.com/resource/
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:35 EDT