lists.openwall.net
Open Source and information security mailing list archives
 
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: Top 15 Reasons Why Admins Use Security Scanners

And you know something, Chris...that's fine.  Really. 
I just left a position in the private sector w/ a
company that was audited over a dozen times a year by
various customers.  Even their external auditors (ie,
*not* customers) were clueless when it comes to IT or
security.  One audit did include a knowledgeable
security professional on staff...but just one.  

But there's also another way to look at the original
comment...security is a process.  Running a
vulnerability scanner isn't a process...it's a
point-in-time check, a snapshot.  A good IT security
auditor won't focus on the fact that certain systems
have vulnerabilities...he or she will focus on *why*
they have the vulnerabilities.

> I believe many true IT Security Auditors out there
> would agree that you're wrong on this one.
> 
> > -How will I ever pass my IT Security Audits?
> >  
> > Don't worry about it...most audits don't seem to have
> > an IT background, and even when they do, they don't
> > take the time to understand your business processes or
> > your network infrastructure.


