RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners



And you know something, Chris...that's fine.  Really. 
I just left a position in the private sector w/ a
company that was audited over a dozen times a year by
various customers.  Even their external auditors (ie,
*not* customers) were clueless when it comes to IT or
security.  One audit did include a knowledgeable
security professional on staff...but just one.  

But there's also another way to look at the original
comment...security is a process.  Running a
vulnerability scanner isn't a process...it's a
point-in-time check, a snapshot.  A good IT security
auditor won't focus on the fact that certain systems
have vulnerabilities...he or she will focus on *why*
they have the vulnerabilities.

> I believe many true IT Security Auditors out there
> would agree that you're wrong on this one.
> 
> > -How will I ever pass my IT Security Audits?
> >  
> > Don't worry about it...most audits don't seem to have
> > an IT background, and even when they do, they don't
> > take the time to understand your business processes or
> > your network infrastructure.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html