RE: Sizing Pentest

["Anup Singh" <anup () ealcatraz com>]

Hi

I was overwhelmed at the response i got out here. I must express my
gratitude.
The SAS70 doc is not available freely. U have to purchase it. INMO if you
are in the line of Auditing networks and Pen Testing, it would be a good
investment.

Regards

Anup

-----Original Message-----
From: Pybus, David [mailto:DPybus () colt-telecom com]
Sent: Monday, July 02, 2001 1:19 PM
To: anup () ealcatraz com
Subject: RE: Sizing Pentest


Is this document freely available and if so where can I get a copy.

Regards,
David Pybus

Security Engineer - Colt Internet

-----Original Message-----
From: Anup Singh [mailto:anup () ealcatraz com]
Sent: 29 June 2001 09:08
To: 'Leonardo Loro'; 'Penetration Testing (E-mail)'
Subject: RE: Sizing Pentest


I think The pentest for a financial institution should conform to SAS 70
document for financial information security. Go thro the document.. you
should have a fair enuff idea..

regards

-----Original Message-----
From: Leonardo Loro [mailto:leoloro () microsoft com]
Sent: Thursday, June 28, 2001 11:19 AM
To: Penetration Testing (E-mail)
Subject: Sizing Pentest


Hi all,

Which keypoints should be taken in account when sizing a pen test (for a
financial institution that wants to check the vulnerabilities of their
intranet systems vulnerability).  Should it be charged x hour? X server?
X Deliverables?

Basically, they have 10 Sun 450e and 10 W2k servers on their intranet,
and a PIX in to work as a FW in front of them.

Thx,

Leo


----------------------------------------------------------------------------
----------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service
For more information on SecurityFocus' SIA service which automatically
alerts you to
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/


**********************************************************************
COLT Telecommunications
Registered in England No. 2452736
Registered Office: Bishopsgate Court, 4 Norton Folgate, London E1 6DQ
Tel. 020 7390 3900

This message is subject to and does not create or vary any contractual
relationship between COLT Telecommunications, its subsidiaries or
affiliates ("COLT") and you. Internet communications are not secure
and therefore COLT does not accept legal responsibility for the
contents of this message.  Any view or opinions expressed are those of
the author. The message is intended for the addressee only and its
contents and any attached files are strictly confidential. If you have
received it in error, please telephone the number above. Thank you.


**********************************************************************


--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/