Penetration Testing
Technology Neutral Healthcheck Jan 19 2012 03:02PM
cribbar (crib bar hotmail co uk)

Can I ask, if any of you have roles as security admins or managers, if you have
a sort of baseline checklist you use for when departments in your company
come calling saying they need a new payroll system, or a new procurement
system or whatever? I am in a very junior role in a risk section but I thought
it wouldn't do any harm to see the kind of checks or questions you'll ask any
3rd party offering a solution/application for you that will give you a
degree of assurance that this is a system that can be utilised for
processing (maybe only internally) medium sensitive data. I just wondered if
you have such a "checklist" that you'd want of assurance before engaging
further with the 3rd party application provider? I know a lot of more
detailed assurance would need technology specific auditing/pen testing - but
as a technology neutral "top 20" checks - would you be willing to share - or
perhaps if you don't have a list put some suggestions on a top 20 checks
you'll run before even contemplating such an application could be utilised
in your environment?


Copyright 2010, SecurityFocus