> From: Phil Cracknell [mailto:philat_private] > <SNIP> > > > Other problem can be also giving away > > > models and methods, because there are many > > smartasses that are just looking > > > after knowledge to do the job themselfs. > > We have a methodology and would not hesitate in giving it to our clients, we > do so regularly, and we also abstract from this a detailed test plan for > them. These documents allow for some form of measurement in all of this and > as a result if a cowboy tries to sell them a $500 remote scan they have > something to compare it too. Great I think the cowboys/salesfolk all need lining up against a wall... > The 'right' sort of client will have already identified that doing the job > themselves is not the right approach I would hope, regardless of how smart > their ass is. Nope, I totally disagree. If the company can afford to spend circa $150,000 pa on a _good_ consultant, that consultant will know more about their infrastructure, technologies, software and risks than any "one week wonder". They'll also gauge risk accurately for *that* company, e.g. which is worse - intrusion or DOS ? For (say) a retailer, a small intrusion will cost them a lot less than a total DOS, but for a bank the reverse is likely to be true....for instance. It's nice to have fresh young 'uns that can "walk-the-walk" - if you can't... But frankly it's far better value to get a permanent, 100% security guru to do the work, and give them the responsibility to monitor and enforce a level of security before, before and after infrastructure goes live. Saying that a smart client is never as good as a consultant assumes the cream of the security set (ahem) haven't gone "permie"... ...say, for a quite indecent amount of cash :-) Dom ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 10:57:23 PDT