Penetration Testing mailing list archives
Technology Neutral Healthcheck
From: cribbar <crib.bar () hotmail co uk>
Date: Thu, 19 Jan 2012 07:02:01 -0800 (PST)
Can I ask, if any of you have roles as security admins or managers, whether you have a sort of baseline checklist you use for when departments in your company come calling saying they need a new payroll system, or a new procurement system or whatever?

I am in a very junior role in a risk section but I thought it wouldn't do any harm to see the kind of checks or questions you'll ask any 3rd party offering a solution/application for you that will give you a degree of assurance that this is a system that can be utilised for processing (maybe only internally) medium sensitive data. I just wondered if you have such a "checklist" that you'd want of assurance before engaging further with the 3rd party application provider?

I know a lot of more detailed assurance would need technology specific auditing/pen testing - but as a technology neutral "top 20" checks - would you be willing to share - or perhaps, if you don't have a list, put some suggestions on a top 20 checks you'll run before even contemplating such an application could be utilised in your environment.