
| Subject: | [CISSP-D] REVIEW: "Outsourcing Information Security", C. Warren Axelrod |
|---|---|
| Date: | Thu, 20 Jan 2005 08:23:18 -0800 |

BKOSINSC.RVW 20041210

"Outsourcing Information Security", C. Warren Axelrod, 2004, 1-58053-531-3, U$85.00/C$119.50
%A C. Warren Axelrod
%C 685 Canton St., Norwood, MA 02062
%D 2004
%G 1-58053-531-3
%I Artech House/Horizon
%O U$85.00/C$119.50 800-225-9977 artech@artech-house.com
%O http://www.amazon.com/exec/obidos/ASIN/1580535313/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1580535313/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1580535313/robsladesin03-20
%O tl a rl 1 tc 1 ta 3 tv 2 wq 2
%P 248 p.
%T "Outsourcing Information Security"

The author states that he intends to raise issues involved in outsourcing security in such a way that those working through the process will not neglect important areas of concern.

Chapter one reviews reasons for outsourcing. Lists of threats and vulnerabilities, in general, are given in chapter two. Costs are examined in chapter three, as a basic discussion of justification for outsourcing. Chapter four looks at risks that might be associated with outsourcing. Various types of costs, such as intangible, subjective, and indirect, are contemplated in chapter five, and costs related to different stages of the evaluation process in chapter six. Chapter seven investigates a number of issues surrounding the development of requirements for system or project development. The first chapter that actually seems to talk in detail about security outsourcing, rather than just outsourcing itself, is chapter eight, which goes through the ten domains of the CISSP (Certified Information Systems Security Professional) CBK (Common Body of Knowledge) (and some subdomains), determining which of them are particularly appropriate for outsourcing, and which are not. Chapter nine outlines the outsourcing process as a sequence of steps.

Axelrod has provided a very solid and useful framework for dealing with the many areas that need to be considered if outsourcing is sought. Very little is directly relevant to the security function itself, but that may simply expand the market for the book. It is probably futile to expect that any more guidance could have been provided, since the possibilities are so immense, but the summary given here still leaves the potential outsourcer with an enormous amount of work to do.

copyright Robert M. Slade, 2004 BKOSINSC.RVW 20041210

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
Murder is a crime. Describing murder is not. Sex is not a crime. Describing sex is.
- Gershon Legman (b. 1917) American writer
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade