
RE: bank audit checklist

Subject: RE: bank audit checklist
Date: Thu, 27 Oct 2005 08:56:58 -0400
Dear sectraq@gmail.com,

There are more than 50 domains/areas, which require different types of
check-lists. Further, the audit and the check-list will depend on what the
objective and scope of the IS Audit is. There is no single magic-wand
check-list to take care of IS Audit of all domains in a bank.

The IS Audit domains may vary from

1. technical - Risk assessment of network, O/s, database,
application-software, access-control, Digital-signature, data-flow,
patch-management, change-management, Pen-test, etc. (or any combination)
OR
2. procedural - IS Security Policy and Procedures or training etc.
3. legal/regulatory like compliance or
4. BCP

Further, if you are not trained in undertaking proper IS Audit, it is
suggested not to do IS Audit, else it may be harmful to the health of the
bank in many ways.

Well, normally, the basic IT Security health check is done against IS
Security Policy and procedures.

If you can manage, you can use the British standard BS-7799 ISMS.
Alternatively, CobiT is an excellent frame-work.

Regards,
Rakesh Goyal
Chartered Engineer,
Certified Fraud Examiner,
Certified Management Consultant,
Certified Computer Crimes Investigator,
Certified Information Systems Auditor,
Certified Information Security Manager
Managing Director, Sysman Computers (P) Ltd.,
and
Director, Centre for Research and Prevention of Computer Crimes,
Kanmoor House, Ground Floor,
281/87 Narsi Natha Street,
Mumbai 400 009
Phone : +91-22-2378-2619 / 2375-2932 / 2375-0556 :: Fax : +91-22-2373-8177
e-mail : sysman@vsnl.com & rakesh@sysman.in
url : http://www.sysman.in and http://www.sysman.co.in
(Sysman is empanelled as IS Auditors under IT Act-2000 to audit PKI AND as
IS Security Auditor by CERT-In (Govt. of India) AND Sysman is Associate
Consultant to British Standards Institution to implement BS7799 / ISO17799
ISMS).




-----Original Message-----
From: Coreappsecurity Mailing List
[mailto:CoreAppSecurity@bankinfosecurity.com]
Sent: Thursday, October 27, 2005 1:23 AM
To: sysman
Subject: RE: bank audit checklist


*** Forwarded Message ****
Sender: Versace, Michael <michael.versace@fmr.com>
Date: 10/26/2005


A better option is ISO17799 - code of practice for information security


Michael Versace
Fidelity Investments
Risk Oversight
617-392-8202(o)
617-794-0425(m)
michael.versace@fmr.com


-----Original Message-----
From: CoreAppSecurity [mailto:CoreAppSecurity@Bankinfosecurity.com]
Sent: Wednesday, October 26, 2005 11:26 AM
To: Versace, Michael
Subject: RE: bank audit checklist


It depends on how detailed you want to get. The Payment Card Industry
Data Security Standards may be an option.

-----Original Message-----
From: Coreappsecurity Mailing List
[mailto:CoreAppSecurity@bankinfosecurity.com]
Sent: Wednesday, October 26, 2005 8:41 AM
To: Estrada, Manny
Subject: FW: bank audit checklist


I saw this post on the security-management@securityfocus.com mailing
list and thought maybe our list could help.

-Moderator
CoreAppSecurity@BankInfoSecurity.com
-----Original Message-----
From: sectraq@gmail.com [mailto:sectraq@gmail.com]
Sent: Monday, October 24, 2005 5:35 PM
To: security-management@securityfocus.com
Subject: bank audit checklist

hey all,

i donno how it happened but i ended up in the middle of a project to
audit the information security system of a bank :)
now since ive never done this before and i dont have much time to
prepare i thought the quickest way is to find/develop some
questionnaires. So i would appreciate any pointers on the topic. if
there are ready made questionnaires on auditing IS of banks that would
be excellent too. if anybody has other suggestions on how to tackle this
dump i got myself in, am totally open to ur thoughts.

thnx




