What should we pay for Vulnerabilty Testing???

Hello we are a small financial institution and are in need of basic vulnerability testing (NOT INTRUSION or external) just Vulnerability testing from the inside. We have to have this, so please don't try to tell what other options I have. We are getting a wide range of prices and services and I am not sure what we should be paying for this. We have 25 TOTAL nodes, and have been quoted from 100-200/per node plus software usage fees. Flat fees from $3500-7500. Hourly fees etc etc.
Can anyone clarify this for us? We are Windows XP running Server 2003 with 3 locations.
Thank you
LVL 1
final4feverAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PowerITCommented:
This is probably more of an economics question then a security question, but I'll still try to formulate an answer.
First, you should not pay more then it's worth to you. But also not much less, or quality will suffer.
I have the feeling that you are legally obliged to do this, so it will be hard to set a maximum value, because if you don't then you are probably out of business.
So then the price will also be influenced by current market demand. You know, supply and demand.
IF I do a quick calculation using avarage tarifs I know about and needed time then I would say: $4.375 + travelling costs for the 3 locations.
Mind you: this is an avarage. Where you are located can also vary the pricing: in some area's consultancy (and the labour hours) is more expensive then in others. Hiring in London or NYC will be more expensive then lets say ... Kiev.

Hope this helps.

J.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nttranbaoCommented:
You may want to use nessus ( www.nessus.org) to scan the system yourself, and see the explanation for each vulnerability found.
0
PowerITCommented:
I doubt that doing a vulnerability assessment by a non (certified) security professional who can not accurately interpret the results will be sufficient as a required audit for a financial institution.

J.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.