[CISSP-D] REVIEW: "Security Governance", Fred Cohen

Subject: [CISSP-D] REVIEW: "Security Governance", Fred Cohen
Date: Wed, 31 Jan 2007 11:27:19 -0800
BKSECGOV.RVW   20061110

"Security Governance", Fred Cohen, 2005, 1-878109-37-5
%A   Fred Cohen http://all.net
%C   572 Leona Dr, Livermore, CA   94550
%D   2005
%G   1-878109-37-5
%I   Fred Cohen and Associates
%O   925-454-0171 all.net
%O  http://www.amazon.com/exec/obidos/ASIN/1878109375/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1878109375/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1878109375/robsladesin03-20
%O   Audience a Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   96 p.
%T   "Security Governance: Business Operations, Risk Management, and
      Enterprise Security Architecture"

Most of the security frameworks available are in the form of a
checklist, so why shouldn't Cohen's CISO Toolkit (see also
BKCISOGG.RVW for the "Governance Guidebook" and BKCISOHB.RVW for "The
CISO Handbook") have one?

In fact, Cohen's version may be considerably easier to understand and
use, particularly for those with a business, rather than a security,
background.  While most security frameworks are structured according
to a taxonomy of security concepts, the checklist in "Security
Governance" is based on business models and concepts.  For example,
the four major divisions are made on the basis of business functions
and modelling, oversight, business risk management, and enterprise
security management.  Therefore, the businessperson working through
the points will start with the familiar, and only later have to face
items directly discussing security.  (Even then, the security issues
are those regarding the position and management of security within the
organization.)

Regardless of other security frameworks that you may use, Cohen's
checklist will be of value.  While many items will have relations to
details in other indices, the articles and entities in "Security
Governance" address a number of issues that are not found in most
security frameworks.  Let's face it: regardless of the emphasis or
perspective, security frameworks tend to follow the same general
outline.  Cohen's work is idiosyncratic--and, in this case, that's a
useful characteristic.

Also, most security frameworks give you a checklist of about 135 items
for roughly U$150: Cohen gives you over 900 points for U$49.00.

copyright Robert M. Slade, 2006   BKSECGOV.RVW   20061110


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
    If all the world is a stage, where is the audience sitting?
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm

