Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Group Crafts Standards for Evaluating Outsourcers

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Group Crafts Standards for Evaluating Outsourcers
Date: Tue, 7 Feb 2006 03:14:30 -0600 (CST) 
http://www.computerworld.com/securitytopics/security/story/0,10801,108379,00.html

By Jaikumar Vijayan 
FEBRUARY 06, 2006
COMPUTERWORLD

Six large U.S. banks, an industry group and four major accounting
firms joined forces in early 2004 to create standards for assessing
the security practices of outsourcing vendors that work with financial
services firms.

The goal was to create consistent standards for use in evaluating the
controls that outsourcing vendors use to protect sensitive data, said
Faith Boettger, a senior consultant at BITS, the technology arm of the
Washington-based Financial Services Roundtable.

The standards are now available to the financial services community,
following a trial of the program undertaken by five service providers,
including IBM, Acxiom Corp. and First Data Corp.

The standards program, called the Financial Institution Shared
Assessments Program, was developed by BITS, Bank of America Corp., The
Bank of New York Co., Citigroup Inc., JPMorgan Chase & Co., U.S.  
Bancorp and Wells Fargo & Co. Accounting firms Deloitte & Touche LLP,
KPMG International, PricewaterhouseCoopers and Ernst & Young
International serve as technical advisers for the program.

The guidelines can be used to evaluate an outsourcer's controls for
access, asset classification, personnel security, physical and
environmental security, communications, business continuity and
regulatory compliance, Boettger said.

The group expects that the standards will result in improved security
and risk-management practices, she said. The program will also give
auditing firms standard criteria for measuring the security practices
of different service providers, she added.

"BITS member companies have for a long time been focused on looking at
the management of risk within outsourcing relationships," Boettger
said. The new programs should help such companies better meet their
regulatory and risk management requirements, she explained.

Joe Duffy, lead managing partner for the performance improvement
practice at PricewaterhouseCoopers, said the initiative is an example
of the private sector coming together to address information security
issues at a time of heightened regulatory oversight.

"What is groundbreaking here is the fact that industry, the accounting
profession and the supplier community are coming together and
agreeing" on common assessment standards, Duffy said.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Group Crafts Standards for Evaluating Outsourcers, InfoSec News <=
Previous by Date:  [ISN] Shock Absorbers, InfoSec News
Next by Date:  [ISN] In QDR, Defense focuses on combating cyberthreats, InfoSec News
Previous by Thread:  [ISN] Shock Absorbers, InfoSec News
Next by Thread:  [ISN] In QDR, Defense focuses on combating cyberthreats, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]