Independent Information Security Assessments: Truth, Lies, and Snake Oil
Many companies rely on a third party to perform various types of security assessments such as penetration testing, vulnerability assessments and web application security assessments. The market for these types of services is expanding rapidly, driven in part by regulations and guidelines. With all of this opportunity, there are more information security assessment providers than ever before. Unfortunately, there is a great deal of variance in the level and quality of services these companies provide. How do you select a capable, experienced assessment provider? How do you know if you are getting quality assessment services and related deliverables from your current assessment provider?
During this presentation, we’ll take an in-depth look into the security assessment landscape and share our experiences over the past decade from the perspectives of both the consumer and the provider of these services. We’ll examine portions of various assessment deliverables we’ve encountered over the years, which include the good, the bad and the ugly. Attendees will gain an understanding of what to expect from a quality independent security assessment as well as what to look for when selecting an information security assessment provider.

