Home page logo
/

pen-test logo Penetration Testing mailing list archives

[PEN-TEST] SAS70; the process and merit thereof?
From: Craig Anderson <craig () XTIME COM>
Date: Tue, 26 Sep 2000 15:31:58 +0000

Helu,

  This is a little off the subject of general penetration testing, but I
think it still falls under the general awareness of the pen-testing crowd.

  Is anyone familiar with the process of attaining SAS70 certification
( Statements and Accounting Standards ) that is used to 'label' an
infrastructure sufficiently secure to perform online financial
transactions?

  More importantly, is this just another semi-worthless 'stamp' of
approval, ala ICSA ( not to offend anyone.. my opinion though )?

  Also, has anyone been asked to verify the set of requirements this
entails in addition to a penetration test?



Thanks in advance,

-- Craig


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]