Security Basics mailing list archives
RE: internet banking security
From: "Mark Brunner" <mark_brunner () hotmail com>
Date: Wed, 26 Oct 2005 18:15:27 -0400
He's right, either way you slice it, you are dealing with people. The answer to the poster's original questions are best left to a consultant that can A) Interview for the basic qualifiers (what do you want to do? What services will you offer? What protocols...) B) Examine the policies, processes and procedures for gap analysis. C) Make a recommendation as to how best to proceed. D) Provide a quote. E) Perform and guarantee their work. F) Provide an audit function (either internal or 3rd party) for their work. Cheers! Mark -----Original Message----- From: Barrie Dempster [mailto:barrie () reboot-robot net] Sent: Tuesday, October 25, 2005 5:14 AM To: xyberpix Cc: Security-Basics [List] Subject: Re: internet banking security On Tue, 2005-10-18 at 23:20 +0100, xyberpix wrote:
It seems like (from the subject and the thread in progress), that you want to hire an external co, to set up an e-banking site? If that is the case, and like I said I could be reading this all wrong, am I the only person on this list that thinks that this is a completely insane idea???
What is insane about it ? Hiring an external company ? I don't consider that to be insane, it's a common thing to do, external security professionals with proper security checks are a good resource for this type of work. Having it done internally may be a good idea, but generally someone working in the security industry has had previous security checking and then they will go through the client organisations security check procedure before being tasked to the project. This means they will have had more checks than the permanent employees. External companies like this work on reputation as their main asset, based on the skills and integrity of their consultants. As long as the client organisation verifies the reputation and performs security checks they will be hiring people with a decent potential to be trustworthy, as mush as, if not more than, their current employees. (DISCLAIMER: I am an external contractor working in situations very much like this.) -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
Current thread:
- Re: internet banking security, (continued)
- Re: internet banking security Barrie Dempster (Oct 13)
- Re: internet banking security Muhammad Aslam (Oct 18)
- Re: internet banking security Barrie Dempster (Oct 18)
- Re: internet banking security ework0 (Oct 18)
- Re: internet banking security Brian Smith (Oct 21)
- Re: internet banking security Muhammad Aslam (Oct 18)
- Re: internet banking security Barrie Dempster (Oct 13)
- RE: internet banking security Rocky Heckman (Oct 17)
- Re: internet banking security crazy frog crazy frog (Oct 18)
- Re: internet banking security xyberpix (Oct 18)
- Re: internet banking security Barrie Dempster (Oct 26)
- Re: internet banking security Stacey Blanc (Oct 27)
- RE: internet banking security Mark Brunner (Oct 27)
- Re: internet banking security xyberpix (Oct 18)