Penetration Testing mailing list archives
Re: Skype use obligation - Security x Productivity
From: M.B.Jr. <marcio.barbado () gmail com>
Date: Wed, 18 Jul 2007 11:33:58 -0300
Well, thank you all. I really appreciate your attention and your suggestions as well.

See, when I stated: "Risk their efforts in obtaining the mentioned ISO certifications?" I meant they are struggling to obtain it in order to conform to another big partner's prerequisites (yes, ironic). They do not have the certifications yet and the VoIP application use obligation may constitute one big barrier.

It all starts like that. Like: "yes sir, VoIP's great!" Then: "sir, why don't we provide our workforce with some VoIP-enhanced mobile devices? check out this nice colored folder explaining it." That's one main concern for network security. VoIP always brings some APs along with it. We try hard to keep Wi-Fi technologies far from our customers' networks.

Another point raised: Why post this issue in here? What is its relationship with pentesting? Well, network assessments are our company's cornerstone and all of our efforts in strengthening a client's infrastructure are conducted through a layer-by-layer perspective.

We are about to schedule a meeting with our customer's CIO (they do not have something like a CSO, that's our company's role) and one of their board members. Be sure that most of what was said here is going to be taken into account then.

Thank you again.

Yours sincerely

On 7/18/07, Pretorius, Wynand (ZA - Johannesburg) <wpretorius () deloitte co za> wrote:
> Good Morning
>
> For the 7799 certification you need to show evidence that the business decided on using a particular technology that falls within acceptable levels of risk. Remember the business defines the risk levels. Risks must be identified, mitigated, accepted or transferred with supporting evidence. You cannot fail a company because of their choice of technology. In fact it is not even about the technology but more the management of the risk.
>
> My advice to you is that if the business chose Skype, ensure that the supporting processes, secure configuration standards and acceptable use policy are in place. This will show that the technology is managed and the risks identified. Also consider a readiness audit before you go for certification.
>
> Regards
>
> Wynand Pretorius CISSP CISA CISM ISO 27001 Lead Auditor
> Manager Enterprise Risk Services
> Deloitte & Touche
> Tel switchboard +27 (0)11 806 5000
> Email: wpretorius () deloitte co za
> World Wide Web http://www.deloitte.com
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Javier O. Augusto
> Sent: 17 July 2007 03:34 AM
> To: pen-test () securityfocus com
> Subject: Re: Skype use obligation - Security x Productivity
>
> M.B.Jr. wrote:
> > [..] What to do? Risk their efforts in obtaining ISO certification?
> > Guess we need to hear some other professionals.
> >
> > Thank you, any comment will be extremely useful.
> > Greetings,
>
> You're better off sending this question to "bs7799 () securityfocus com"
>
> Anyway, remember that the ISO 17799 guidelines say measurements are not mandatory...
>
> HTH.
> Jay_of_Today
--
Marcio Barbado, Jr.

------------------------------------------------------------------------
This List Sponsored by: Cenzic
Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer
http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------
Current thread:
- Skype use obligation - Security x Productivity M . B . Jr . (Jul 16)
- Re: Skype use obligation - Security x Productivity Javier O. Augusto (Jul 17)
- RE: Skype use obligation - Security x Productivity Pretorius, Wynand (ZA - Johannesburg) (Jul 18)
- Re: Skype use obligation - Security x Productivity M . B . Jr . (Jul 18)
- Re: Skype use obligation - Security x Productivity Roland Dobbins (Jul 20)
- Re: Skype use obligation - Security x Productivity M . B . Jr . (Jul 20)
- Re: Skype use obligation - Security x Productivity Mister Dookie (Jul 20)
- RE: Skype use obligation - Security x Productivity Pretorius, Wynand (ZA - Johannesburg) (Jul 18)
- Re: Skype use obligation - Security x Productivity Javier O. Augusto (Jul 17)
- RE: Skype use obligation - Security x Productivity Pradeep-Kumar . Karavadi (Jul 17)
- Re: Skype use obligation - Security x Productivity Cedric Blancher (Jul 17)
- Re: Skype use obligation - Security x Productivity Roland Dobbins (Jul 17)
- Re: Skype use obligation - Security x Productivity Justin Ferguson (Jul 20)
- Re: Skype use obligation - Security x Productivity Roland Dobbins (Jul 20)