Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] UK banks ignore security audit findings

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] UK banks ignore security audit findings
Date: Fri, 20 May 2005 00:11:41 -0500 (CDT) 
http://www.theregister.co.uk/2005/05/19/audit_ignoramuses/

By John Leyden
19th May 2005 

Some UK corporates routinely ignore the findings of security audits 
treating them solely as a necessary step to satisfy corporate 
governance regulations, according to an experienced penetration 
tester.

Tim Ecott, managing consultant at security integrator Integralis, 
explained that banks and other financial institutions are told they 
have to carry out a penetration test to comply with audits. In some 
cases - perhaps five per cent - Ecott and his team discover the same 
faults every time. "The findings of our reports are not followed up on 
either by the firms themselves or their auditors. We're not talking 
about critical security flaws but certainly about things that need 
fixing and leave firms open to attack," he said.

"Some of our clients take our report to pieces and do every thing we 
advise but with others, it's the same things over and over again. 
Reports over a period of quarters could be copies of each other with 
just a different date," Ecott told El Reg.

In some cases companies lack the resources to put things right; and 
often getting new applications up on running is given priority, 
leaving security concerns neglected, he said. "Firms need to think 
about security at the beginning of projects rather than as an 
afterthought. Security and business objectives need to be linked." ®



_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] UK banks ignore security audit findings, InfoSec News <=
Previous by Date:  Re: [ISN] Swindle: 'Somebody Has Got to Pay', InfoSec News
Next by Date:  [ISN] How Dangerous Was The Cisco Code Theft?, InfoSec News
Previous by Thread:  [ISN] Paris Hilton Hack Started With Old-Fashioned Con, InfoSec News
Next by Thread:  [ISN] How Dangerous Was The Cisco Code Theft?, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]