RE: Bank pen test

From: Craig Wright (cwright@bdosyd.com.au)
Date: Mon Mar 06 2006 - 22:42:53 EST

• Next message: 3 shool: "Re: Cognos Default Username and password"
• Previous message: Eriberto: "IPS HLBR 1.0 released (off-topic)"
• Maybe in reply to: Noe Espinoza Mancillas: "Bank pen test"
• Next in thread: Jon Gucinski: "RE: Bank pen test"
• Reply: Jon Gucinski: "RE: Bank pen test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This is a simple and short answer for once. A good risk assessment will take the impact from adverse publicity (not to state that all risk assessments are done well).
 
So if the media value is quantified, than this should be a part of the risk management process.
 
Regards
Craig

        -----Original Message-----
        From: Vaidya [mailto:dnvaidya@rilinfo.net]
        Sent: Tue 7/03/2006 6:31 AM
        To: Craig Wright; mystic33; Noe Espinoza Mancillas; pen-test@securityfocus.com
        Cc:
        Subject: Re: Bank pen test
        
        
        In some cases I have experienced that though the impact (cost) of
        vulnerability after it's exploitation is less than the cost of
        prevention/remedy or the probability of getting the vulnerability exploited
        is very less still financial institutes like banks or the people who deal in
        online trading or share market peoples decide to opt the prevention because
        their major business works on faith of customer. A single breakout in media
        about vulnerability exploitation by the internal employee or from internal
        network or from external attacker too can create a doubt about whole
        investment the bank or equal institute has made to secure it's "e" enabled
        business.
        

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.

• Next message: 3 shool: "Re: Cognos Default Username and password"
• Previous message: Eriberto: "IPS HLBR 1.0 released (off-topic)"
• Maybe in reply to: Noe Espinoza Mancillas: "Bank pen test"
• Next in thread: Jon Gucinski: "RE: Bank pen test"
• Reply: Jon Gucinski: "RE: Bank pen test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:37 EDT