Financial Institution Shared Assessments Program (FISAP)
- From: "lists@xxxxxxxxxxxxxx" <lists@xxxxxxxxxxxxxx>
- Date: Tue, 25 Jul 2006 22:27:12 -0400
If you are in the financial industry, version 2 of the FISAP assessment SIG
is worth reviewing. FISAP is a process for financial institutions to
evaluate IT service providers. Included below are links to a FISAP FAQ and
the assessment documents themselves.
"Members and visitors who viewed the earlier version of the SIG will
notice a
significant change in this document. The Technical Development Committee
redeveloped the SIG from the ground up, including the addition of:
- Excel format for automated analysis
- Closed-ended questions
- Broader and deeper analysis of controls
- Alignment with version 2.0 (forthcoming) of the Agreed Upon Procedures
- Alignment with the ISO 17799:2005 standard
- A standardized questionnaire that can replace your company's existing
questionnaire
The resulting document is significantly more robust and easier for both
the
service provider to complete and the financial institution to analyze."
If you like the FISAP documents and have something to add, please reach out
to BITS and share your thoughts. For more information, visit
http://www.bitsinfo.org/fisap
Kind regards,
Gideon
Gideon T. Rasmussen
CISSP, CISA, CISM, IAM
Charlotte, NC
http://www.gideonrasmussen.com/contact.html
http://www.ussecurityawareness.org
http://groups.yahoo.com/group/gideons-infosec-list
http://groups.yahoo.com/group/insider-threat
Program Introduction:
http://www.bitsinfo.org/FISAP/Forms/FISAPIntroduction.pps
Program FAQs:
http://www.bitsinfo.org/FISAP/Forms/18SharedAssessmentsFAQ.pdf
Standardized Information Gathering (SIG) v2.0
http://www.bitsinfo.org/FISAP/Forms/SIGv2.0.xls
Agreed Upon Procedures v1.0
http://www.bitsinfo.org/FISAP/Forms/AUP.pdf
Service Provider Preparation Guide
http://www.bitsinfo.org/FISAP/Forms/SPPrepGuide.doc
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Prev by Date: Re: Penetration tester skill set,
- Next by Date: Re: How Windows Password Cracking Programs Work
- Previous by thread: How to stop Admins from sniffing ?
- Next by thread: rootkit behavior
- Index(es):
