Originally posted here by HTRegz
I'm not a big fan of having internal employees audit a network... but there is a big IF to that.... if they are the network department... If you have a security group that is in no way, shape or form related to the network department... then it's a great idea... but having the network department do the pentest (I've known companies that do this) is useless... Obviously they are going to secure the systems as much as they can and as best they can... so they aren't going to get into them...
Do you still feel this way if it is another group within the company doing the Pen Test? For example, if the auditing department worked as an independent function of Finance instead of IT?

Good discussion points so far. Keep 'em coming! Thanks!

-Deeboe