Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] Governing for Enterprise Security

from [Dan Swanson] Network Security [Permanent Link]
Subject: [CISSP-D] Governing for Enterprise Security
Date: Sat, 11 Mar 2006 07:06:16 -0800 (PST) 
  "Character cannot be developed in ease and quiet. Only through experience of 
trial and suffering can the soul be strengthened, vision cleared, ambition 
inspired, and success achieved".  (Helen Keller).
__________________________________________________________________

1. Information security is a vital element of corporate and IT governance.  

It minimizes risks to valuable information assets and maximizes compliance with 
laws, regulations and standards such as ISO 17799, BS 7799, ISO 27000-series, 
HIPAA, SOX, data protection & privacy, software copyright and intellectual 
property protection, banking industry regulations and many more. Simply put: 
"good security is good business".

NoticeBored helps build a genuine security culture through security awareness: 
Informing employees about current information security threats Motivating 
employees to comply with security controls by promoting commonsense policies, 
standards and guidelines, Outlining information security roles and 
responsibilities ... and most of all, helping make information security a 
HABIT, i.e. "the way things are done around here".

http://www.noticebored.com/blog/NBlog.html
http://www.noticebored.com/
http://www.noticebored.com/html/nbnewsletter.html
http://www.noticebored.com/html/blog.html

2. Security Matters - How Much Security Is Enough? 
  - by Julia Allen

CIOs, CSOs, and system administrators may dream about achieving a state of 
complete organizational security, but this is unrealistic and financially 
imprudent. However, it is feasible to achieve /adequate security /at an 
enterprise level in response to 
the question, "How much security is enough?"

Achieving adequate security means more than complying with regulations or 
implementing commonly accepted best practices. Formulating the concept of 
adequate security helps define the benefit and optimized outcome for security 
investment. This formulation must occur in the context of identifying and 
managing the security risks to an organization's mission and objectives.

MORE [+] 
www.sei.cmu.edu/news-at-sei/columns/security_matters/security-
matters.htm

3. For the complete report - "Governing for Enterprise Security", go to:

www.sei.cmu.edu/publications/documents/05.reports/05tn023.html.

4. Have a safe day.

Enjoy,

Dan

www.securitybenchmark.com
  http://finance.groups.yahoo.com/group/Dans_SECemails/
http://finance.groups.yahoo.com/group/Dans_CCCemails/

                
---------------------------------
Yahoo! Mail
Bring photos to life! New PhotoMail  makes sharing a breeze.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [CISSP-D] NIST leads the way, Dan Swanson
Next by Date:  [CISSP-D] Information Security Information, Dan Swanson
Previous by Thread:  [CISSP-D] NIST leads the way, Dan Swanson
Next by Thread:  [CISSP-D] Governing for Enterprise Security, Dan Swanson
Indexes:  [Date] [Thread] [Top] [All Lists]