Network Security CISSP-Discussion

[CISSP-D] Establishing Accountability (for Business and IT planning)

Subject: [CISSP-D] Establishing Accountability (for Business and IT planning)
Date: Fri, 17 Mar 2006 05:53:36 -0800 (PST)
"A human being is a part of the whole, called by us "Universe," a part limited in time and space. He experiences himself, his thoughts and feelings as something separated from the rest - a kind of optical delusion of his consciousness. This delusion is a kind of prison for us, restricting us to our personal desires and to affection for a few persons nearest to us.

Our task must be to free ourselves from this prison by widening our circle of compassion to embrace all living creatures and the whole of nature in its beauty.

Nobody is able to achieve this completely, but the striving for such achievement is in itself a part of the liberation and a foundation for inner security."
- Albert Einstein.
_________________________________________________________

Two excellent papers to help establish "accountability" for Business and IT planning -- in any environment !!!

Read on ...
_________________________________________________________

a) The two GAO best practice research studies (i.e. guidance papers) below provide an excellent discussion about business planning (the first paper) and then IT mgmt and IT planning (the second paper).

The GAO publishes more than 2000 reports a year and these two papers (below) are in my view in the "top 5" from the past 10 years !!!

b) Also, (very important) just because they are written for the government environment does not mean they are not relevant to the private sector - i.e. name a private sector organization that has more challenges and issues (for IT to deal with) than the US federal government.

c) Finally, David McClure's 1994 GAO IT Best Practice guidance (the second paper below) remains one of the best papers I have ever read regarding IT management - (& I've read a few papers over the years).

Enjoy - & (pass this one on.)

Thanks.

Dan

www.securitybenchmark.com
http://finance.groups.yahoo.com/group/Dans_SECemails/
http://finance.groups.yahoo.com/group/Dans_CCCemails/
______________________________________________________

"A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty". - Sir Winston Churchill.

"Cherish your vision; Cherish your ideals; Cherish the music that stirs in your 
heart, the beauty that forms in your mind, the loveliness that drapes your 
purest thoughts. If you remain true to them, your world will at last be built". 
- James Allen.

"Quality is never an accident; it is always the result of high intention, 
sincere effort, intelligent direction, and skillful execution; it presents the 
wise choice of many alternatives." - Willa A. Foster.
_______________________________________________________ 
1. You should (MUST?) ensure your budgeting efforts (particularly in the IT area) are driven by your business planning.

The GAO has published an excellent paper on this subject titled: "Executive Guide: Effectively Implementing the Government Performance and Results Act". This fundamental guidance (i.e. that we need to define our mission, mandate, and goals "first") is available at:

http://www.gao.gov/special.pubs/gg96118.pdf

GAO published an executive guide on implementing the Government Performance and Results Act (GPRA).

GAO noted that:

(1) GPRA forces federal agencies to focus on their missions and goals, how to 
achieve them, and how to improve their structural organizations and business 
processes; 

(2) agencies must define their missions and desired outcomes, use strategic 
planning, involve stakeholders, assess their environments, and align their 
activities, core processes, and resources to support mission-related outcomes; 

(3) agencies need to measure their performance to ensure that they are meeting 
their goals and making informed decisions; 

(4) performance measures need to be based on program-related characteristics 
and performance data must be sufficiently complete, accurate, and consistent; 

(5) agencies must use performance data to improve organizational processes, 
identify performance gaps, and set improvement goals; and 

(6) GPRA success depends on strong leadership practices that devolve 
decisionmaking authority with accountability, create incentives, build 
expertise, and integrate management reforms. 
_______________________________________________________

2. You must also get your information technology efforts "in order" - i.e. 
check out GAO's landmark guidance report entitled: "Executive Guide: Improving 
Mission Performance Through Strategic Information Management and Technology" 
which is available at:

http://archive.gao.gov/t2pbat3/151707.pdf

Background: Making government more effective and efficient is a national issue. Today's information systems offer the government unprecedented opportunities to provide higher quality services tailored to the public's changing needs. Unfortunately, federal agencies have not kept pace with evolving management practices and skills necessary to

(1) precisely define critical information needs and

(2) select, apply, and control changing information technologies.

The result, in many cases, has been wasted resources, a frustrated public unable to get quality service, and a government ill-prepared to measure and manage its affairs in an acceptable, businesslike manner.
_______________________________________________________

In closing, if there are two documents you read this year from me, it should be these two papers !!!!!!

(full stop).
________________________________________________________ 
Enjoy,

Dan

www.securitybenchmark.com
http://finance.groups.yahoo.com/group/Dans_SECemails/
http://finance.groups.yahoo.com/group/Dans_CCCemails/

"The most important contribution management needs to make in the 21st century is to increase the productivity of knowledge work & the knowledge worker." - Peter F. Drucker.

The 2006 Mid Canada Information Technology Conference
www.midcanitc.com

Achieving Operational Excellence
www.tripwire.com/compliance/

Auditing Information Security
infosecuritymag.techtarget.com/articles/october00/features3.shtml

Auditing System Conversions
www.theiia.org/ITAudit/index.cfm?act=itaudit.archive&fid=5495
__________________________________________________________
