Outsourcing is a good strategy for businesses with lots of cash (...) to consider as an alternative to developing in-house expertise in areas that lie away from their "core competencies". I don't think it's a big stretch, though, to recognize that Security and Trust are, or should be, a bank's core competencies. The entire banking system only works because most of the people believe it can be trusted. As a general rule, I think security is a very poor choice of function to outsource. For a *bank*, I think it's just WRONG.
David Gillett > -----Original Message----- > From: Meritt James [mailto:[EMAIL PROTECTED] > Sent: July 31, 2003 06:16 > To: pablo gietz > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: Hosting > > > A bank is outsourcing? yeah..... There may well be privacy and > treasury guidance that restricts what they can do. I recommend > checking. > > Jim > > pablo gietz wrote: > > > > Sr. > > > > I am the Security administrator of “that” Bank, and the "management" > > wants to give hosting to some ISP (friend of them), and I think our > > security is better than they offer. I'm looking for > arguments to rebate > > their posture or to demand proves to the IPS about the > security they are > > offering. > > > > SMBE (sorry my bad English) > > > > ATD wrote: > > > > >Pablo, > > > The hosting for the banks systems depends on the > bank. Most banks use > > >their own networks, which might I add are very insecure > (yes speaking > > >from expereince.) The networks often consist of commercial > operating > > >systems that are not up to par with the latest patches, as well as > > >administrators that are drowning in policies. (the bigger > banks). Why > > >don't we hear about them getting hacked more often? Well, > that would be > > >bad publicity now wouldn't it? > > > > > > Are you looking to have your network hosted or are > you looking into > > >building secure banking networks? > > > > > > > > >On Tue, 2003-07-29 at 16:20, pablo gietz wrote: > > > > > > > > >>Hi all > > >> > > >>What are the usual terms and condition about security a > Bank may require > > >>to a hosting company? > > >> > > >>Legal aspect, security, availability, confidentiality, > any interesting > > >>link?. > > >> > > >>It’s better to have the hosting into de company or out ? > > >> > > >>Thanks > > >> > > >>-- > > >>Pablo A. C. Gietz > > >>Jefe de Seguridad Informática > > >>Nuevo Banco de Entre RÃos S.A. > > >>Te.: 0343 - 4201351 > > >> > > >> > > >>La información y archivos contenidos en este mensaje son > confidenciales y para utilización exclusiva de los > destinatarios consignados. Si Usted no reviste ese carácter, > no se encuentra autorizado para divulgar, copiar,distribuir o > retener todo o parte de la informacion y archivos, y deberá > notificarlo de inmediato al remitente y eliminarlo de su > sistema. Muchas gracias. > > >> > > >> > > >> > > >> > > > >>------------------------------------------------------------ > --------------- > > > >>------------------------------------------------------------ > ---------------- > > >> > > > > > > > > > > > > > -- > > Pablo A. C. Gietz > > Jefe de Seguridad Informática > > Nuevo Banco de Entre Ríos S.A. > > Te.: 0343 - 4201351 > > > > La información y archivos contenidos en este mensaje son > confidenciales y para utilización exclusiva de los > destinatarios consignados. Si Usted no reviste ese carácter, > no se encuentra autorizado para divulgar, copiar,distribuir o > retener todo o parte de la informacion y archivos, y deberá > notificarlo de inmediato al remitente y eliminarlo de su > sistema. Muchas gracias. > > > > > -------------------------------------------------------------- > ------------- > > > -------------------------------------------------------------- > -------------- > > -- > James W. Meritt CISSP, CISA > Booz | Allen | Hamilton > phone: (410) 684-6566 > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > -------------- > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
