<div>
You may want to use nessus ( <a href="http://www.nessus.org" rel="ugc">www.nessus.org</a>) to scan the system yourself, and see the explanation for each vulnerability found.
</div>


You may want to use nessus ( www.nessus.org [http://www.nessus.org]) to scan the system yourself, and see the explanation for each vulnerability found.

<div>
I doubt that doing a vulnerability assessment by a non (certified) security professional who can not accurately interpret the results will be sufficient as a required audit for a financial institution. <br />
<br />
J.
</div>


I doubt that doing a vulnerability assessment by a non (certified) security professional who can not accurately interpret the results will be sufficient as a required audit for a financial institution.

J.

<div>
<div class="content wysiwyg-content">
Hello we are a small financial institution and are in need of basic vulnerability testing (NOT INTRUSION or external) just Vulnerability testing from the inside. We have to have this, so please don't try to tell what other options I have. We are getting a wide range of prices and services and I am not sure what we should be paying for this. We have 25 TOTAL nodes, and have been quoted from 100-200/per node plus software usage fees. Flat fees from $3500-7500. Hourly fees etc etc.<br />
Can anyone clarify this for us? We are Windows XP running Server 2003 with 3 locations.<br />
Thank you
</div>
</div>


Hello we are a small financial institution and are in need of basic vulnerability testing (NOT INTRUSION or external) just Vulnerability testing from the inside. We have to have this, so please don't try to tell what other options I have. We are getting a wide range of prices and services and I am not sure what we should be paying for this. We have 25 TOTAL nodes, and have been quoted from 100-200/per node plus software usage fees. Flat fees from $3500-7500. Hourly fees etc etc.
Can anyone clarify this for us? We are Windows XP running Server 2003 with 3 locations.
Thank you

What should we pay for Vulnerabilty Testing???

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.