I think The pentest for a financial institution should conform to SAS 70 document for financial information security. Go thro the document.. you should have a fair enuff idea.. regards -----Original Message----- From: Leonardo Loro [mailto:leoloroat_private] Sent: Thursday, June 28, 2001 11:19 AM To: Penetration Testing (E-mail) Subject: Sizing Pentest Hi all, Which keypoints should be taken in account when sizing a pen test (for a financial institution that wants to check the vulnerabilities of their intranet systems vulnerability). Should it be charged x hour? X server? X Deliverables? Basically, they have 10 Sun 450e and 10 W2k servers on their intranet, and a PIX in to work as a FW in front of them. Thx, Leo ---------------------------------------------------------------------------- ---------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jun 29 2001 - 08:28:37 PDT