Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] SAS70; the process and merit thereof?
From: Joe Calloway <calloway.wsfs () DOL NET>
Date: Wed, 27 Sep 2000 15:54:08 -0400

Craig,

   You can find more information on this topic at the following site:

http://www.sas70.com

Joe Calloway

Craig Anderson wrote:

Helu,

  This is a little off the subject of general penetration testing, but I
think it still falls under the general awareness of the pen-testing crowd.

  Is anyone familiar with the process of attaining SAS70 certification
( Statements and Accounting Standards ) that is used to 'label' an
infrastructure sufficiently secure to perform online financial
transactions?

  More importantly, is this just another semi-worthless 'stamp' of
approval, ala ICSA ( not to offend anyone.. my opinion though )?

  Also, has anyone been asked to verify the set of requirements this
entails in addition to a penetration test?

Thanks in advance,

-- Craig


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]