Penetration Testing mailing list archives
RE: Bank pen test
From: "Jon Gucinski" <Jgucinski () midwestbank com>
Date: Tue, 07 Mar 2006 15:46:44 -0600
There's also another thing to consider when dealing with financial corporations: regulation. The US Banking sector is one of (if not THE) most regulated industry on the planet. We're forced to comply with many regulations, regardless of cost, in order to do business. While some risks may be left open due to cost, i'd wager that the overwhelming majority are not. Audit and Compliancy committee's just won't have it, especially if an outside auditor/pen-test says that its a problem that has to be fixed. In terms of media value, its pretty much infinite. A bank or other financial organization will tend to do whatever it can to avoid any kind of negative press, especially as it relates to integrity/confidentiality breaches, as long as the cure wouldn't bankrupt them too. -Jon Regards,
"Craig Wright" <cwright () bdosyd com au> 3/6/2006 9:42:53 pm >>>
This is a simple and short answer for once. A good risk assessment will take the impact from adverse publicity (not to state that all risk assessments are done well). So if the media value is quantified, than this should be a part of the risk management process. Regards Craig -----Original Message----- From: Vaidya [mailto:dnvaidya () rilinfo net] Sent: Tue 7/03/2006 6:31 AM To: Craig Wright; mystic33; Noe Espinoza Mancillas; pen-test () securityfocus com Cc: Subject: Re: Bank pen test In some cases I have experienced that though the impact (cost) of vulnerability after it's exploitation is less than the cost of prevention/remedy or the probability of getting the vulnerability exploited is very less still financial institutes like banks or the people who deal in online trading or share market peoples decide to opt the prevention because their major business works on faith of customer. A single breakout in media about vulnerability exploitation by the internal employee or from internal network or from external attacker too can create a doubt about whole investment the bank or equal institute has made to secure it's "e" enabled business. Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
Current thread:
- RE: Bank pen test Craig Wright (Mar 06)
- Re: Bank pen test Vaidya (Mar 07)
- <Possible follow-ups>
- RE: Bank pen test Craig Wright (Mar 07)
- RE: Bank pen test Jon Gucinski (Mar 07)
- RE: Bank pen test Craig Wright (Mar 08)
- RE: Bank pen test Craig Wright (Mar 08)
- RE: Bank pen test Craig Wright (Mar 08)
- RE: Bank pen test Omar A. Herrera (Mar 09)
- RE: Bank pen test Bergert, David (Mar 09)