UK banks ignore security audit findings

Some UK corporates routinely ignore the findings of security audits treating them solely as a necessary step to satisfy corporate governance regulations, according to an experienced penetration tester.

Tim Ecott, managing consultant at security integrator Integralis, explained that banks and other financial institutions are told they have to carry out a penetration test to comply with audits. In some cases - perhaps five per cent - Ecott and his team discover the same faults every time. "The findings of our reports are not followed up on either by the firms themselves or their auditors. We're not talking about critical security flaws but certainly about things that need fixing and leave firms open to attack," he said.

Friday, 20 May 2005 13:28 EST

Read Full Story

News

VoIP Call Quality Can Improve with SSL VPN
Feb 23, 2006, 19:15 EST

Interviewing hackers
Feb 23, 2006, 13:58 EST

SAINTexploit Vulnerability and Penetration Testing Tool
Feb 23, 2006, 13:57 EST

Backup or be damned
Feb 23, 2006, 13:50 EST

Mac Attack a Load of Crap
Feb 23, 2006, 10:32 EST

IT sets sites on storage security
Feb 23, 2006, 10:12 EST

Focus on cybersecurity compliance called ineffective
Feb 23, 2006, 10:04 EST

Sponsors:
Scan all company email for viruses, Trojans and worms with 4 virus engines, all in one package - GFI MailSecurity for Exchange/SMTP! Download your free 60-day trial today!	Check your website security with Acunetix Web Vulnerability Scanner. Audit your web applications for SQL injection, cross site scripting & more. Download trial!


Copyright ? IT-Observer.com 2000 - 2006	Privacy Policy \| RSS Feeds