KnowledgeLeader http://www.knowledgeleader.com/ Internal Audit and
Risk Management Community is a subscription-based website that provides
audit programs, checklists, tools, resources and best practices to help internal
auditors; information security and risk management professionals manage risk,
and add value. The material is updated weekly and I strongly recommend it. It is
well worth the money!!!
Larry Marin, CISM, CISSP, CEH, NSA IAM/IEM
Assistant Vice President
Information Security Officer
--- Begin Message ---
Subject: Re: bank audit pen test
Date: Wed, 2 Nov 2005 19:15:00 +0000
Related to this, does anyone know of any good sample contracts online for
people involved in audit work? It would be helpful if someone knows of any
resources for developing security services contracts, in general.
Thanks for any suggestions,
--Pete
On 10/30/05, Louie <bklow@tahaninsurance.com> wrote:
Keenen,
I was in an IT security consulting firm that conducted pen tests, etc.,
for external clients. From my experience... technically, you can be sued.
What my ex-company did was... include a "clause" in the contract saying that
you or your company should not be held responsible if the company that you
audited is hacked in the future. The argument is... hackers always find
new ways/ideas to hack. So an audit exercise doesn't mean that the
company that you audited is 100% bulletproof. It is just to "minimize
the risk". Hope that answers your questions.
Regards,
Louie Low
----- Original Message -----
From: "Keenen Milner" <kmilner@ghcllc.com>
To: "Coreappsecurity Mailing List" <CoreAppSecurity@bankinfosecurity.com>;
<security-management@securityfocus.com>
Sent: Sunday, October 30, 2005 12:03 AM
Subject: bank audit pen test
I have a different twist on the bank audit question.
If, as part of the audit, you perform a pen test and the bank gets hacked
the day after you deliver your results, can you be sued? I know anyone
can sue anyone for anything, but how can you realistically reduce the
chance you get sued?
Best Regards,
Keenen
____________________________________________________
Keenen Milner
Lead Partner - Computer Forensics and Technology Consulting
GHC Information Systems, LLC
Grobstein Horwath and Company, LLP
15233 Ventura Boulevard, 9th Floor
Sherman Oaks, California 91403
(818) 325-8466 - voice
(818) 325-8566 - fax
____________________________________________________
--- End Message ---