Network Security CISSP-Discussion

[CISSP-D] What is your weakest link?

Subject: [CISSP-D] What is your weakest link?
Date: Mon, 10 Jul 2006 04:50:08 -0700 (PDT)
The ability to discipline yourself to delay gratification in the short term in order to enjoy greater rewards in the long term is the indispensable prerequisite for success. - Brian Tracy
___________________________________________________________

Have you reviewed your physical security efforts lately?

Are You Measuring Facility Protection Efforts?

Is your weakest link going to bring your organization down?

note - the bad guys don't "get you" by coming at you through your "strengths".

What kind of risk assessments have you done in the past 3 months?
_______________________________________________________________________

What are your weakest links & do you have plans to address them before Sept 11th?
_______________________________________________________________________
   
1. A physical security audit program by Gord Smith.
Proximity, Perimeter and Physical Security Audit Guide
http://www.canaudit.com/security_guide.html

2. Homeland Security: Guidance and Standards Are Needed for Measuring the Effectiveness of Agencies' Facility Protection Efforts (GAO-06-612, May 31).
http://www.gao.gov/cgi-bin/getrpt?GAO-06-612

a) 1 page summary (i.e. the highlights).
http://www.gao.gov/highlights/d06612high.pdf

3. Global Security Week, the week leading up to September 11th each year, is an opportunity to join forces with other security professionals worldwide and promote security to the masses.

The theme for Global Security Week 2006 is identity theft.

http://www.globalsecurityweek.com/
   
4. From eWeek: Security Threats Growing

eWeek reports that IT threats are growing faster than ever before, according to a security software producer McAfee, which recently recorded its 200,000th piece of known malware code. Problem is, most companies aren't doing enough to secure their data centers. Though roughly 83% of respondents to a recent AFCOM study say their company has a risk management plan in place, only 2.7% of them specifically address viruses.

a) Research Points to Faster Threat Development
http://ct.enews.cioinsight.com/rd/cts?d=188-358-1-20-167337-45688-0-0-0-1

b) Security: Bleak Prospects for Corporate Data Center
http://ct.enews.cioinsight.com/rd/cts?d=188-358-1-20-167337-45691-0-0-0-1

5. Finally, face it - an incident is going to happen - (and) - it's much better to pro-actively develop an incident response "capability" (than to make it up "as you go"). Some great incident response resource links are available at:

www.ussecurityawareness.org/highres/incident-response.html

Enjoy.

Dan
_________________________________________________
www.securitybenchmark.com
http://finance.groups.yahoo.com/group/Dans_SECemails/
http://finance.groups.yahoo.com/group/Dans_CCCemails/

________________________________________________

Ask the Auditor: Who is Responsible for Information Security?
(Some thoughts and great resources)
www.itcinstitute.com/display.aspx?ID=1823

Auditing Information Security
infosecuritymag.techtarget.com/articles/october00/features3.shtml

Auditing System Conversions
www.theiia.org/ITAudit/index.cfm?act=itaudit.archive&fid=5495

Ask the Auditor: Business Risk vs. Audit Risk
http://www.itcinstitute.com/display.aspx?id=1673
_______________________________________________________

Information Security Resources
_______________________________________________________

1. The Computer Emergency Response Team (CERT) program has developed extensive guidance regarding information security, security management, security governance, and the assessment of risk. CERT is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University. Some of its most interesting resources explore:

Evaluation of security risks, practices, insider threats
Development of a computer security incident response team
Governing for Enterprise (PDF) (HTML version)
The Build Security In initiative

2. The Corporate Information Security Working Group (CISWG) has produced guidance on the development of information security metrics and created a definitive summary of information security management references. CISWG is a program formed by Adam H. Putnam, chairman of the Subcommittee on Technology, Information Policy, Intergovernmental Relations & the Census of the Government Reform Committee, of the U.S. House of Representatives. Its publications include:

CISWG: The Final Report of the Best Practices and Metrics Teams (PDF)
CISWG: Information Security Management References (PDF)

3. Executive Guide: Information Security Management: Learning From Leading Organizations

4. Microsoft's Security Risk Management Guide

5. The International Systems Security Engineering Association (ISSEA)

6. How to Become an Information Security Professional

7. US Security Awareness: Information Security Auditing

8. The SANS Institute and its SCORE Checklist Project: ISO 17799

9. The Center for Internet Security

10. The Information Systems Security Association (ISSA)
  ________________________________________________

Current Thread:
• [CISSP-D] What is your weakest link?, Dan Swanson