Security Basics mailing list archives

Re: internet banking security

From: Stacey Blanc <stacey.blanc () gmail com>
Date: Wed, 26 Oct 2005 15:26:24 -0700

IMO hiring external is possibly one of the better routes to go
(providing the external is certified recommended, yaddi yaddi yadda).

being external to an organization helps point out holes that an
internal team may otherwise miss b/c they stare at their
resources/systems day in and day out.


just my two cents

Stacey

On 10/25/05, Barrie Dempster <barrie () reboot-robot net> wrote:

On Tue, 2005-10-18 at 23:20 +0100, xyberpix wrote:

It seems like (from the subject and the thread in progress), that you
want to hire an
external co, to set up an e-banking site?

If that is the case, and like I said I could be reading this all
wrong, am I the only person
on this list that thinks that this is a completely insane idea???


What is insane about it ?

Hiring an external company ?

I don't consider that to be insane, it's a common thing to do, external
security professionals with proper security checks are a good resource
for this type of work. Having it done internally may be a good idea, but
generally someone working in the security industry has had previous
security checking and then they will go through the client organisations
security check procedure before being tasked to the project. This means
they will have had more checks than the permanent employees. External
companies like this work on reputation as their main asset, based on the
skills and integrity of their consultants.

As long as the client organisation verifies the reputation and performs
security checks they will be hiring people with a decent potential to be
trustworthy, as mush as, if not more than, their current employees.

(DISCLAIMER: I am an external contractor working in situations very much
like this.)

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

Current thread:

internet banking security Muhammad Aslam (Oct 12)
- Re: internet banking security Barrie Dempster (Oct 13)
  - Re: internet banking security Muhammad Aslam (Oct 18)
    - Re: internet banking security Barrie Dempster (Oct 18)
    - Re: internet banking security ework0 (Oct 18)
    - Re: internet banking security Brian Smith (Oct 21)
- RE: internet banking security Rocky Heckman (Oct 17)
- Re: internet banking security crazy frog crazy frog (Oct 18)
  - Re: internet banking security xyberpix (Oct 18)
    - Re: internet banking security Barrie Dempster (Oct 26)
    - Re: internet banking security Stacey Blanc (Oct 27)
    - RE: internet banking security Mark Brunner (Oct 27)