Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

What should we pay for Vulnerabilty Testing???

Posted on 2007-11-27
3
Medium Priority
?
334 Views
Last Modified: 2010-05-18
Hello we are a small financial institution and are in need of basic vulnerability testing (NOT INTRUSION or external) just Vulnerability testing from the inside. We have to have this, so please don't try to tell what other options I have. We are getting a wide range of prices and services and I am not sure what we should be paying for this. We have 25 TOTAL nodes, and have been quoted from 100-200/per node plus software usage fees. Flat fees from $3500-7500. Hourly fees etc etc.
Can anyone clarify this for us? We are Windows XP running Server 2003 with 3 locations.
Thank you
0
Comment
Question by:final4fever
  • 2
3 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 800 total points
ID: 20364183
This is probably more of an economics question then a security question, but I'll still try to formulate an answer.
First, you should not pay more then it's worth to you. But also not much less, or quality will suffer.
I have the feeling that you are legally obliged to do this, so it will be hard to set a maximum value, because if you don't then you are probably out of business.
So then the price will also be influenced by current market demand. You know, supply and demand.
IF I do a quick calculation using avarage tarifs I know about and needed time then I would say: $4.375 + travelling costs for the 3 locations.
Mind you: this is an avarage. Where you are located can also vary the pricing: in some area's consultancy (and the labour hours) is more expensive then in others. Hiring in London or NYC will be more expensive then lets say ... Kiev.

Hope this helps.

J.

0
 
LVL 7

Expert Comment

by:nttranbao
ID: 20364355
You may want to use nessus ( www.nessus.org) to scan the system yourself, and see the explanation for each vulnerability found.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20364401
I doubt that doing a vulnerability assessment by a non (certified) security professional who can not accurately interpret the results will be sufficient as a required audit for a financial institution.

J.
0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question