Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: bank audit pen test

from [Richard . Sullivan] Network Security [Permanent Link]
Subject: Re: bank audit pen test
Date: Mon, 31 Oct 2005 10:40:35 -0500 
That is a question for your legal department. As with many liability 
cases, if you can show that you took adequate steps (or at least didn't 
drag your feet) to address your recently discovered vulnerabilities, you 
might be able to avoid/reduce legal action and financial damages. 
Typically, a successful lawsuit would require proving negligence on your 
part.

However, if the hack resulted in disclosure of customer information in 
violation of California's SB 1386 privacy law, it might be a completely 
different situation. Again, you should ask your lawyers about this rather 
than the opinions of this group.

- Rich

 



"Keenen Milner" <kmilner@ghcllc.com> 
10/29/2005 12:03 PM

To
"Coreappsecurity Mailing List" <CoreAppSecurity@bankinfosecurity.com>, 
<security-management@securityfocus.com>
cc

Subject
bank audit pen test






I have a different twist on the bank audit question.

If as part of the audit, you perform a pen test and the bank gets hack
the day after you deliver your results, can you be sued? I know anyone
can sue anyone for anything but how can you realistically reduce the
chance you get sued.

Best Regards, 
Keenen 
____________________________________________________ 
Keenen Milner 
Lead Partner - Computer Forensics and Technology Consulting
GHC Information Systems, LLC
Grobstein Horwath and Company, LLP
15233 Ventura Boulevard, 9th Floor
Sherman Oaks, California 91403
(818) 325-8466 - voice 
(818) 325-8566 - fax 
____________________________________________________
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: New Bank Authentication Rule, Larry Marin
Next by Date:  RE: IT Department Size, Tritsaris Konstantinos
Previous by Thread:  RE: bank audit pen test, Mark Brunner
Next by Thread:  Re: bank audit pen test, Louie
Indexes:  [Date] [Thread] [Top] [All Lists]