Hi I was overwhelmed at the response i got out here. I must express my gratitude. The SAS70 doc is not available freely. U have to purchase it. INMO if you are in the line of Auditing networks and Pen Testing, it would be a good investment. Regards Anup -----Original Message----- From: Pybus, David [mailto:DPybus@colt-telecom.com] Sent: Monday, July 02, 2001 1:19 PM To: anupat_private Subject: RE: Sizing Pentest Is this document freely available and if so where can I get a copy. Regards, David Pybus Security Engineer - Colt Internet -----Original Message----- From: Anup Singh [mailto:anupat_private] Sent: 29 June 2001 09:08 To: 'Leonardo Loro'; 'Penetration Testing (E-mail)' Subject: RE: Sizing Pentest I think The pentest for a financial institution should conform to SAS 70 document for financial information security. Go thro the document.. you should have a fair enuff idea.. regards -----Original Message----- From: Leonardo Loro [mailto:leoloroat_private] Sent: Thursday, June 28, 2001 11:19 AM To: Penetration Testing (E-mail) Subject: Sizing Pentest Hi all, Which keypoints should be taken in account when sizing a pen test (for a financial institution that wants to check the vulnerabilities of their intranet systems vulnerability). Should it be charged x hour? X server? X Deliverables? Basically, they have 10 Sun 450e and 10 W2k servers on their intranet, and a PIX in to work as a FW in front of them. Thx, Leo ---------------------------------------------------------------------------- ---------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ********************************************************************** COLT Telecommunications Registered in England No. 2452736 Registered Office: Bishopsgate Court, 4 Norton Folgate, London E1 6DQ Tel. 020 7390 3900 This message is subject to and does not create or vary any contractual relationship between COLT Telecommunications, its subsidiaries or affiliates ("COLT") and you. Internet communications are not secure and therefore COLT does not accept legal responsibility for the contents of this message. Any view or opinions expressed are those of the author. The message is intended for the addressee only and its contents and any attached files are strictly confidential. If you have received it in error, please telephone the number above. Thank you. ********************************************************************** -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 09:23:03 PDT