Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Skype use obligation - Security x Productivity

from [M.B.Jr.] Network Security [Permanent Link]
Subject: Re: Skype use obligation - Security x Productivity
Date: Wed, 18 Jul 2007 11:33:58 -0300 
Well,
thank you all.
I really appreciate your attention and your suggestions as well.

See, when I stated:
"Risk their efforts in obtaining the mentioned ISO certifications?"
I meant they are struggling to obtain it in order to conform to
another big partner's prerequisites (yes, ironic). They do not have
the certifications yet and the voip application use obligation may
constitute one big barrier.
It all starts like that. Like:
"yes sir, voip's great!"
Then:
"sir, why don't we provide our workforce with some voip enhanced mobile devices?
check out this nice colored folder explaining it."

That's one main concern for network security. Voip always brings some
AP's along with it.
We try hard to keep wi-fi technologies far from our customers' networks.

Another point raised:
Why posting this issue in here? What is its relationship with pentesting?
Well, network assessments are our company's cornerstone and all of our
efforts in strengthening a client's infrastructure is conducted
through a layer-by-layer perspective.

We are about to schedule a meeting with our customer's CIO
(they do not have sth like a CSO, that's our company's role) and one
of their board members.
Be sure that most of what was said here is going to be taken in account then.

Thank you again.
Yours sincerely

On 7/18/07, Pretorius, Wynand (ZA - Johannesburg)
<wpretorius@deloitte.co.za> wrote:

Good Morning

For the 7799 certification you need to show evidence that the business
decided on using a particular technology that falls within acceptable
levels of risk. Remember the business defines the risk levels. Risks
must be identified, mitigated, accepted or transferred with supporting
evidence.

You cannot fail a company because of their choice of technology. In fact
is not even about the technology but more the management of the risk. My
advise to you is that if the business chose skype, ensure that the
supporting processes, secure configuration standards and acceptable use
policy in place. This will show that the technology is managed and the
risks identified. Also consider a readiness audit before you go for
certification.

Regards

Wynand Pretorius
CISSP CISA CISM ISO 27001 Lead Auditor
Manager
Enterprise Risk Services
Deloitte & Touche
Tel switchboard +27 (0)11 806 5000
Email: wpretorius@deloitte.co.za

World Wide Web http://www.deloitte.com

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Javier O. Augusto
Sent: 17 July 2007 03:34 AM
To: pen-test@securityfocus.com
Subject: Re: Skype use obligation - Security x Productivity

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


M.B.Jr. wrote:
> [..] What to do? Risk their efforts in obtaining ISO certification?
>  Guess we need to hear some other professionals.
>
> Thank you, any comment will be extremmely useful.
>
Greetings,

You're better off sending this question to "bs7799@securityfocus.com"
Anyway, remeber that ISO 17799 guidelines says measurements are not
mandatory...

HTH.

Jay_of_Today
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGnByBdzPeqPICKQkRAq2bAJkB4Ew5A4vpofU6b08NhnM421Y3AgCgjusw
buPeMOm5jkURv7t+K8LGz9E=
=ZOuq
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for Cenzic's robust,
accurate risk assessment and management solution FREE - limited Time
Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------

Important Notice: This email is subject to important restrictions, qualifications and 
disclaimers ("the Disclaimer") that must be accessed and read by visiting our 
website and viewing the webpage at the following address: 
http://www.deloitte.com/za/disclaimer.  The Disclaimer is deemed to form part of the 
content of this email in terms of Section 11 of the Electronic Communications and 
Transactions Act, 25 of 2002.  If you cannot access the Disclaimer, please obtain a copy 
thereof from us by sending an email to ClientServiceCentre@Deloitte.co.za.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------





--
Marcio Barbado, Jr.
==============
==============

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Tool Update] SSA version 1.5.2 released, SD List
Next by Date:  recover deleted emails from a pst, James G. McIntyre
Previous by Thread:  RE: Skype use obligation - Security x Productivity, Pretorius, Wynand (ZA - Johannesburg)
Next by Thread:  Re: Skype use obligation - Security x Productivity, Roland Dobbins
Indexes:  [Date] [Thread] [Top] [All Lists]