Written by Dave Stelzl CISSP

Vulnerability Testing That Doesn’t Lead to More Business

Why do so many Vulnerability tests fail to produce remediation business?

1. If the test is done for IT, you won’t have visibility into the executive ranks

2. If the process doesn’t involve the executive team they won’t care much about the results

3. The report is too technical

4. The report uses jargon that disguises the problem and it’s urgency

5. The provider appears to be more focused on analytics  than urgent issues

Eg.  If I come to you and say, this is the problem, I’ll put together some options and pricing and get back to you next week, do you feel like the issues are urgent? What if you plumber did that after discovering a leaking pipe in your wall?  You’d fire them! (But only because you know that is urgent.)

© 2010, David Stelzl

Share

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s