mailing list archives
[PEN-TEST] SAS70; the process and merit thereof?
From: Craig Anderson <craig () XTIME COM>
Date: Tue, 26 Sep 2000 15:31:58 +0000
This is a little off the subject of general penetration testing, but I
think it still falls under the general awareness of the pen-testing crowd.
Is anyone familiar with the process of attaining SAS70 certification
( Statements and Accounting Standards ) that is used to 'label' an
infrastructure sufficiently secure to perform online financial
More importantly, is this just another semi-worthless 'stamp' of
approval, ala ICSA ( not to offend anyone.. my opinion though )?
Also, has anyone been asked to verify the set of requirements this
entails in addition to a penetration test?
Thanks in advance,