RE: Bank Assessment
From: Blake Wiedman (bwiedman_at_iconsinc.com)
Date: 04/22/04
- Previous message: ELLIS, STEVEN: "RE: MBSA scanner"
- In reply to: c0d3r_at_cotse.net: "RE: Bank Assessment"
- Next in thread: Amit Deshmukh: "RE: Bank Assessment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <c0d3r@cotse.net> Date: Thu, 22 Apr 2004 16:02:26 -0400
Won't argue you with you that they leave something to be desired. But,
they will give a security tech who is knew to banking an idea of what
banks consider important to their security. I Usually start off with
the guidelines then move on to the NSA guidelines for the nitty gritty
tech work.
Also if you're new to the bank world, do some research on the different
core processors currently utilized.
Blake
-----Original Message-----
From: c0d3r@cotse.net [mailto:c0d3r@cotse.net]
Sent: Wednesday, April 21, 2004 9:23 PM
To: Blake Wiedman
Cc: 'Joe Smith'; pen-test@securityfocus.com
Subject: RE: Bank Assessment
Hi all;
Not to cast any dispersions on anything, but IMHO, the FFIEC guidelines
are pretty
lame. They're OK for "management and operational" type reviews, but
they just don't
cut it for technical work. I'd look to a more solid technical standard,
like
nsa.gov, nist.gov, or OSSTMM Ver. 2. Those are the things that I use
for (almost
exclusively) banks. We've developed custom testing programs using these
as
standards.
c0d3r
> You can find the answers to most of your questions including
guidelines
> here http://www.ffiec.gov/
>
> My employer uses the guidelines as the basis for all of our banking
> clients.
>
>
> Blake Wiedman
> Security Technician
> Icons Inc.
> www.iconsinc.com
> 732.309.6038
>
> -----Original Message-----
> From: Joe Smith [mailto:joey@r00t66.com]
> Sent: Monday, April 19, 2004 2:40 PM
> To: pen-test@securityfocus.com
> Subject: Bank Assessment
>
>
> I'm looking for any good links with regard to Banking Institutions..
> Security assessments, pen-testing, special needs etc. I know they
are
> big on policies and procedures.
>
>
>
------------------------------------------------------------------------
> ------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert
instructors.
> Attend a course taught by an expert instructor with years of
> in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your
organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>
------------------------------------------------------------------------
> -------
>
>
>
>
------------------------------------------------------------------------
------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
> any course! All of our class sizes are guaranteed to be 10 students or
less
> to facilitate one-on-one interaction with one of our expert
instructors.
> Attend a course taught by an expert instructor with years of
in-the-field
> pen testing experience in our state of the art hacking lab. Master the
skills
> of an Ethical Hacker to better assess the security of your
organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>
------------------------------------------------------------------------
-------
>
-- Hacking is a good mixture of technical knowledge, programming knowhow and misuse of trust. ------------------------------------------------------------------------ ------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
- Previous message: ELLIS, STEVEN: "RE: MBSA scanner"
- In reply to: c0d3r_at_cotse.net: "RE: Bank Assessment"
- Next in thread: Amit Deshmukh: "RE: Bank Assessment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
