Re: Hosting

[pablo gietz]

David

I totally agree with your concept.

! Thanks to all who has responded.!

David Gillett wrote:

 Outsourcing is a good strategy for businesses with lots of
cash (...) to consider as an alternative to developing in-house
expertise in areas that lie away from their "core competencies".
 I don't think it's a big stretch, though, to recognize that
Security and Trust are, or should be, a bank's core competencies.
The entire banking system only works because most of the people
believe it can be trusted.
 As a general rule, I think security is a very poor choice of
function to outsource.  For a *bank*, I think it's just WRONG.
David Gillett




-----Original Message-----
From: Meritt James [mailto:[EMAIL PROTECTED]
Sent: July 31, 2003 06:16
To: pablo gietz
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Hosting
A bank is outsourcing?  yeah.....  There may well be privacy and
treasury guidance that restricts what they can do.  I recommend
checking.
Jim

pablo gietz wrote:


Sr.

I am the Security administrator of “that” Bank, and the "management"
wants to give hosting to some ISP (friend of them), and I think our
security is better than they offer. I'm looking for

arguments to rebate


their posture or to demand proves to the IPS about the


security they are


offering.

SMBE (sorry my bad English)

ATD wrote:



Pablo,
     The hosting for the banks systems depends on the

bank.  Most banks use


their own networks, which might I add are very insecure


(yes speaking


from expereince.) The networks often consist of commercial


operating


systems that are not up to par with the latest patches, as well as
administrators that are drowning in policies. (the bigger

banks). Why


don't we hear about them getting hacked more often?  Well,


that would be


bad publicity now wouldn't it?

     Are you looking to have your network hosted or are


you looking into


building secure banking networks?

On Tue, 2003-07-29 at 16:20, pablo gietz wrote:




Hi all

What are the usual terms and condition about security a


Bank may require


to a hosting company?

Legal aspect, security, availability, confidentiality,


any interesting


link?.

It’s better to have the hosting into de company or out ?

Thanks

--
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351
La información y archivos contenidos en este mensaje son


confidenciales y para utilización exclusiva de los
destinatarios consignados. Si Usted no reviste ese carácter,
no se encuentra autorizado para divulgar, copiar,distribuir o
retener todo o parte de la informacion y archivos, y deberá
notificarlo de inmediato al remitente y eliminarlo de su
sistema. Muchas gracias.





------------------------------------------------------------


---------------


------------------------------------------------------------


----------------





--
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351
La información y archivos contenidos en este mensaje son


confidenciales y para utilización exclusiva de los
destinatarios consignados. Si Usted no reviste ese carácter,
no se encuentra autorizado para divulgar, copiar,distribuir o
retener todo o parte de la informacion y archivos, y deberá
notificarlo de inmediato al remitente y eliminarlo de su
sistema. Muchas gracias.



--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------



--
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351
La información y archivos contenidos en este mensaje son confidenciales y para utilización exclusiva de los destinatarios consignados. Si Usted no reviste ese carácter, no se encuentra autorizado para divulgar, copiar,distribuir o retener todo o parte de la informacion y archivos, y deberá notificarlo de inmediato al remitente y eliminarlo de su sistema. Muchas gracias.



---------------------------------------------------------------------------
----------------------------------------------------------------------------