Re: Hosting
From: pablo gietz (pablo.gietz_at_nuevobersa.com.ar)
Date: 07/31/03
- Previous message: Johnson, Kevin: "RE: hidden processes"
- In reply to: David Gillett: "RE: Hosting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Jul 2003 14:45:54 -0300 To: gillettdavid@fhda.edu
David
I totally agree with your concept.
! Thanks to all who has responded.!
David Gillett wrote:
> Outsourcing is a good strategy for businesses with lots of
>cash (...) to consider as an alternative to developing in-house
>expertise in areas that lie away from their "core competencies".
> I don't think it's a big stretch, though, to recognize that
>Security and Trust are, or should be, a bank's core competencies.
>The entire banking system only works because most of the people
>believe it can be trusted.
> As a general rule, I think security is a very poor choice of
>function to outsource. For a *bank*, I think it's just WRONG.
>
>David Gillett
>
>
>
>
>>-----Original Message-----
>>From: Meritt James [mailto:meritt_james@bah.com]
>>Sent: July 31, 2003 06:16
>>To: pablo gietz
>>Cc: simon@snosoft.com; security-basics@securityfocus.com
>>Subject: Re: Hosting
>>
>>
>>A bank is outsourcing? yeah..... There may well be privacy and
>>treasury guidance that restricts what they can do. I recommend
>>checking.
>>
>>Jim
>>
>>pablo gietz wrote:
>>
>>
>>>Sr.
>>>
>>>I am the Security administrator of “that” Bank, and the "management"
>>>wants to give hosting to some ISP (friend of them), and I think our
>>>security is better than they offer. I'm looking for
>>>
>>>
>>arguments to rebate
>>
>>
>>>their posture or to demand proves to the IPS about the
>>>
>>>
>>security they are
>>
>>
>>>offering.
>>>
>>>SMBE (sorry my bad English)
>>>
>>>ATD wrote:
>>>
>>>
>>>
>>>>Pablo,
>>>> The hosting for the banks systems depends on the
>>>>
>>>>
>>bank. Most banks use
>>
>>
>>>>their own networks, which might I add are very insecure
>>>>
>>>>
>>(yes speaking
>>
>>
>>>>from expereince.) The networks often consist of commercial
>>>
>>>
>>operating
>>
>>
>>>>systems that are not up to par with the latest patches, as well as
>>>>administrators that are drowning in policies. (the bigger
>>>>
>>>>
>>banks). Why
>>
>>
>>>>don't we hear about them getting hacked more often? Well,
>>>>
>>>>
>>that would be
>>
>>
>>>>bad publicity now wouldn't it?
>>>>
>>>> Are you looking to have your network hosted or are
>>>>
>>>>
>>you looking into
>>
>>
>>>>building secure banking networks?
>>>>
>>>>
>>>>On Tue, 2003-07-29 at 16:20, pablo gietz wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>Hi all
>>>>>
>>>>>What are the usual terms and condition about security a
>>>>>
>>>>>
>>Bank may require
>>
>>
>>>>>to a hosting company?
>>>>>
>>>>>Legal aspect, security, availability, confidentiality,
>>>>>
>>>>>
>>any interesting
>>
>>
>>>>>link?.
>>>>>
>>>>>It’s better to have the hosting into de company or out ?
>>>>>
>>>>>Thanks
>>>>>
>>>>>--
>>>>>Pablo A. C. Gietz
>>>>>Jefe de Seguridad Informática
>>>>>Nuevo Banco de Entre RÃos S.A.
>>>>>Te.: 0343 - 4201351
>>>>>
>>>>>
>>>>>La información y archivos contenidos en este mensaje son
>>>>>
>>>>>
>>confidenciales y para utilización exclusiva de los
>>destinatarios consignados. Si Usted no reviste ese carácter,
>>no se encuentra autorizado para divulgar, copiar,distribuir o
>>retener todo o parte de la informacion y archivos, y deberá
>>notificarlo de inmediato al remitente y eliminarlo de su
>>sistema. Muchas gracias.
>>
>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>------------------------------------------------------------
>>>>
>>>>
>>---------------
>>
>>
>>>>------------------------------------------------------------
>>>>
>>>>
>>----------------
>>
>>
>>>>
>>>>
>>>>
>>>--
>>>Pablo A. C. Gietz
>>>Jefe de Seguridad Informática
>>>Nuevo Banco de Entre Ríos S.A.
>>>Te.: 0343 - 4201351
>>>
>>>La información y archivos contenidos en este mensaje son
>>>
>>>
>>confidenciales y para utilización exclusiva de los
>>destinatarios consignados. Si Usted no reviste ese carácter,
>>no se encuentra autorizado para divulgar, copiar,distribuir o
>>retener todo o parte de la informacion y archivos, y deberá
>>notificarlo de inmediato al remitente y eliminarlo de su
>>sistema. Muchas gracias.
>>
>>
>>>
>>>
>>--------------------------------------------------------------
>>-------------
>>
>>
>>--------------------------------------------------------------
>>--------------
>>
>>--
>>James W. Meritt CISSP, CISA
>>Booz | Allen | Hamilton
>>phone: (410) 684-6566
>>
>>--------------------------------------------------------------
>>-------------
>>--------------------------------------------------------------
>>--------------
>>
>>
>>
>
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------
>
>
>
>
-- Pablo A. C. Gietz Jefe de Seguridad Informática Nuevo Banco de Entre Ríos S.A. Te.: 0343 - 4201351 La información y archivos contenidos en este mensaje son confidenciales y para utilización exclusiva de los destinatarios consignados. Si Usted no reviste ese carácter, no se encuentra autorizado para divulgar, copiar,distribuir o retener todo o parte de la informacion y archivos, y deberá notificarlo de inmediato al remitente y eliminarlo de su sistema. Muchas gracias. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
- Previous message: Johnson, Kevin: "RE: hidden processes"
- In reply to: David Gillett: "RE: Hosting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
