Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Hosting

From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 31 Jul 2003 09:27:13 -0700
  Outsourcing is a good strategy for businesses with lots of
cash (...) to consider as an alternative to developing in-house
expertise in areas that lie away from their "core competencies".
  I don't think it's a big stretch, though, to recognize that
Security and Trust are, or should be, a bank's core competencies.
The entire banking system only works because most of the people
believe it can be trusted.
  As a general rule, I think security is a very poor choice of
function to outsource.  For a *bank*, I think it's just WRONG.

David Gillett



-----Original Message-----
From: Meritt James [mailto:meritt_james () bah com]
Sent: July 31, 2003 06:16
To: pablo gietz
Cc: simon () snosoft com; security-basics () securityfocus com
Subject: Re: Hosting


A bank is outsourcing?  yeah.....  There may well be privacy and
treasury guidance that restricts what they can do.  I recommend
checking.

Jim

pablo gietz wrote:


Sr.

I am the Security administrator of “that” Bank, and the "management"
wants to give hosting to some ISP (friend of them), and I think our
security is better than they offer. I'm looking for

arguments to rebate

their posture or to demand proves to the IPS about the

security they are

offering.

SMBE (sorry my bad English)

ATD wrote:


Pablo,
      The hosting for the banks systems depends on the

bank.  Most banks use

their own networks, which might I add are very insecure

(yes speaking

from expereince.) The networks often consist of commercial

operating

systems that are not up to par with the latest patches, as well as
administrators that are drowning in policies. (the bigger

banks). Why

don't we hear about them getting hacked more often?  Well,

that would be

bad publicity now wouldn't it?

      Are you looking to have your network hosted or are

you looking into

building secure banking networks?


On Tue, 2003-07-29 at 16:20, pablo gietz wrote:



Hi all

What are the usual terms and condition about security a

Bank may require

to a hosting company?

Legal aspect, security, availability, confidentiality,

any interesting

link?.

It’s better to have the hosting into de company or out ?

Thanks

--
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351


La información y archivos contenidos en este mensaje son

confidenciales y para utilización exclusiva de los
destinatarios consignados. Si Usted no reviste ese carácter,
no se encuentra autorizado para divulgar, copiar,distribuir o
retener todo o parte de la informacion y archivos, y deberá
notificarlo de inmediato al remitente y eliminarlo de su
sistema. Muchas gracias.








------------------------------------------------------------

---------------



------------------------------------------------------------

----------------








--
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351

La información y archivos contenidos en este mensaje son

confidenciales y para utilización exclusiva de los
destinatarios consignados. Si Usted no reviste ese carácter,
no se encuentra autorizado para divulgar, copiar,distribuir o
retener todo o parte de la informacion y archivos, y deberá
notificarlo de inmediato al remitente y eliminarlo de su
sistema. Muchas gracias.




--------------------------------------------------------------
-------------



--------------------------------------------------------------
--------------

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: