Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: internet banking security

from [Mark Brunner] Network Security [Permanent Link]
Subject: RE: internet banking security
Date: Wed, 26 Oct 2005 18:15:27 -0400 
He's right, either way you slice it, you are dealing with people.
The answer to the poster's original questions are best left to a consultant
that can
A) Interview for the basic qualifiers (what do you want to do?  What
services will you offer?  What protocols...)
B) Examine the policies, processes and procedures for gap analysis.
C) Make a recommendation as to how best to proceed.
D) Provide a quote.
E) Perform and guarantee their work.
F) Provide an audit function (either internal or 3rd party) for their work.

Cheers!
Mark

-----Original Message-----
From: Barrie Dempster [mailto:barrie@reboot-robot.net]
Sent: Tuesday, October 25, 2005 5:14 AM
To: xyberpix
Cc: Security-Basics [List]
Subject: Re: internet banking security


On Tue, 2005-10-18 at 23:20 +0100, xyberpix wrote:

It seems like (from the subject and the thread in progress), that you
want to hire an
external co, to set up an e-banking site?

If that is the case, and like I said I could be reading this all
wrong, am I the only person
on this list that thinks that this is a completely insane idea???


What is insane about it ?

Hiring an external company ?

I don't consider that to be insane, it's a common thing to do, external
security professionals with proper security checks are a good resource
for this type of work. Having it done internally may be a good idea, but
generally someone working in the security industry has had previous
security checking and then they will go through the client organisations
security check procedure before being tasked to the project. This means
they will have had more checks than the permanent employees. External
companies like this work on reputation as their main asset, based on the
skills and integrity of their consultants.

As long as the client organisation verifies the reputation and performs
security checks they will be hiring people with a decent potential to be
trustworthy, as mush as, if not more than, their current employees.

(DISCLAIMER: I am an external contractor working in situations very much
like this.)

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cisco Books, b . hines
Next by Date:  RE: How do you clean a RIM/Blackberry Device?, Justin Martin
Previous by Thread:  Re: internet banking security, Stacey Blanc
Next by Thread:  F-Secure 2006 Review, ldruger
Indexes:  [Date] [Thread] [Top] [All Lists]