RE: Sizing Pentest

From: Anup Singh (anupat_private)
Date: Fri Jun 29 2001 - 01:07:47 PDT

  • Next message: David Cowen: "RE: SUMMARY: Ethical Hacking Courses"

    I think The pentest for a financial institution should conform to SAS 70
    document for financial information security. Go thro the document.. you
    should have a fair enuff idea..
    
    regards
    
    -----Original Message-----
    From: Leonardo Loro [mailto:leoloroat_private]
    Sent: Thursday, June 28, 2001 11:19 AM
    To: Penetration Testing (E-mail)
    Subject: Sizing Pentest
    
    
    Hi all,
    
    Which keypoints should be taken in account when sizing a pen test (for a
    financial institution that wants to check the vulnerabilities of their
    intranet systems vulnerability).  Should it be charged x hour? X server?
    X Deliverables? 
    
    Basically, they have 10 Sun 450e and 10 W2k servers on their intranet,
    and a PIX in to work as a FW in front of them.
    
    Thx,
    
    Leo
    
    
    ----------------------------------------------------------------------------
    ----------
    
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service
    For more information on SecurityFocus' SIA service which automatically
    alerts you to 
    the latest security vulnerabilities please see:
    
    https://alerts.securityfocus.com/
    
    
    

    -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/



    This archive was generated by hypermail 2b30 : Fri Jun 29 2001 - 08:28:37 PDT