From: Ivan Arce (ivan.arce@coresecurity.com)
Date: Wed Apr 21 2004 - 16:29:09 EDT
In addition to FFIEC guidelines you might find some NIST documents usefull:
SP800-26 "Security Self-Assessment Guide for Inforamtion Technology Systems"
http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf
and
SP800-42 "Guideline on Network Security Testing"
http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf
-ivan
Blake Wiedman wrote:
> You can find the answers to most of your questions including guidelines
> here http://www.ffiec.gov/
>
> My employer uses the guidelines as the basis for all of our banking
> clients.
>
>
> Blake Wiedman
> Security Technician
> Icons Inc.
> www.iconsinc.com
> 732.309.6038
>
> -----Original Message-----
> From: Joe Smith [mailto:joey@r00t66.com]
> Sent: Monday, April 19, 2004 2:40 PM
> To: pen-test@securityfocus.com
> Subject: Bank Assessment
>
>
> I'm looking for any good links with regard to Banking Institutions..
> Security assessments, pen-testing, special needs etc. I know they are
> big on policies and procedures.
>
>
> ------------------------------------------------------------------------
> ------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of
> in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> -------
>
>
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>
-- --- To strive, to seek, to find, and not to yield. - Alfred, Lord Tennyson Ulysses,1842 Ivan Arce CTO CORE SECURITY TECHNOLOGIES 46 Farnsworth Street Boston, MA 02210 Ph: 617-399-6980 Fax: 617-399-6987 ivan.arce@coresecurity.com www.coresecurity.com PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT