RE: internet banking security

From: Mark Brunner (
Date: 10/27/05

  • Next message: Justin Martin: "RE: How do you clean a RIM/Blackberry Device?"
    To: "'Barrie Dempster'" <>, "'xyberpix'" <>
    Date: Wed, 26 Oct 2005 18:15:27 -0400

    He's right, either way you slice it, you are dealing with people.
    The answer to the poster's original questions are best left to a consultant
    that can
    A) Interview for the basic qualifiers (what do you want to do? What
    services will you offer? What protocols...)
    B) Examine the policies, processes and procedures for gap analysis.
    C) Make a recommendation as to how best to proceed.
    D) Provide a quote.
    E) Perform and guarantee their work.
    F) Provide an audit function (either internal or 3rd party) for their work.


    -----Original Message-----
    From: Barrie Dempster []
    Sent: Tuesday, October 25, 2005 5:14 AM
    To: xyberpix
    Cc: Security-Basics [List]
    Subject: Re: internet banking security

    On Tue, 2005-10-18 at 23:20 +0100, xyberpix wrote:
    > It seems like (from the subject and the thread in progress), that you
    > want to hire an
    > external co, to set up an e-banking site?
    > If that is the case, and like I said I could be reading this all
    > wrong, am I the only person
    > on this list that thinks that this is a completely insane idea???

    What is insane about it ?

    Hiring an external company ?

    I don't consider that to be insane, it's a common thing to do, external
    security professionals with proper security checks are a good resource
    for this type of work. Having it done internally may be a good idea, but
    generally someone working in the security industry has had previous
    security checking and then they will go through the client organisations
    security check procedure before being tasked to the project. This means
    they will have had more checks than the permanent employees. External
    companies like this work on reputation as their main asset, based on the
    skills and integrity of their consultants.

    As long as the client organisation verifies the reputation and performs
    security checks they will be hiring people with a decent potential to be
    trustworthy, as mush as, if not more than, their current employees.

    (DISCLAIMER: I am an external contractor working in situations very much
    like this.)

    With Regards..
    Barrie Dempster (zeedo) - Fortiter et Strenue
    "He who hingeth aboot, geteth hee-haw" Victor - Still Game
    sites: -

  • Next message: Justin Martin: "RE: How do you clean a RIM/Blackberry Device?"

    Relevant Pages

    • RE: Coexistance of Windows 2000 and Windows 2003
      ... I'm not sure what your consultant means when he says "master." ... Coexistance of Windows 2000 and Windows 2003 ... this is Security related as far as crashing an AD is a security problem, ... most highly-anticipated industry event of the year. ...
    • Re: Starting up as a security consultant
      ... You can consider attaining CISC i.e. Certified Information Security ... Consultant program from Network Intelligence Pvt. ...
    • RE: Possible security problem??
      ... Subject: Possible security problem?? ... I was speaking to another consultant the other day in regards to this issue. ... It seems that the IP of the Alcatel DSL Modem (If it's the same as the ones ... The other consultant told me that it was a monitoring interface and was only ...
    • Re: I cant go on Internet by the ISA Server but only by the Clients
      ... MCSE+I NT4, MCSA: Security, MCSE: Security, MCDBA, CCNA ... >> Mohammed A. Raslan ... >> Systems Engineer / Consultant ...
    • Re: Linux, BSD, and Unix are fundamentally insecure.
      ... >> An opensource consultant visited my workplace recently and was ... >> upstaged by my MCSEs. ... >> sales call to the owner of the company who decided to see a demo of ... that they did not show anything except that physical access security is ...