Proving due diligence and compliance.
Having determined the objectives from the assessment, and the scope required, the following should be asked of a potential supplier to determine whether they are appropriate.
1. Are they security specialists first and foremost, or is the security practice a secondary concern?
2. Does the organization’s methodology follow and exceed those such as OSSTMM, and OWASP?
3. Do they offer a comprehensive suite of services, tailored to the specific requirements of their clients?
4. Are they able to distinguish and articulate between infrastructure and application testing?
5. Are their staff experienced security professionals, holding recognized certifications such as CISSP?
6. Do the deliverables, such as the final report, present the results in an informed manner, with concise and practical information for technical and non-technical parties?
Read More.. | Comments (0) | Resources.