Network Security Security-Basics

Benchmarking security posture

Subject: Benchmarking security posture
Date: Thu, 21 Dec 2006 1:35:21 PM +0500
I just got out of an interesting meeting with several executives (primarily in audit, finance & treasury). This was really the first opportunity that I have had to sit with this group and discuss infosec as a business requirement versus a compliance requirement. So, I went into the meeting thinking it would be a session to talk about awareness of risks and the tenets of infosec (CIA; protect, detect, respond and recover). I had a wake-up call from this group and am looking to you as my peers for some help in the areas where I could use some assistance in communicating to the business leaders.

Basically I came across as talking at too abstract a level, without details about security and how it affects my company. This was even with using specific examples of "we can pursue XYZ type of business if we have these ABC types of security practices in place". My question to the attendees was: what types of business do you want to be in? Basically, I was using the approach that security can be a business enabler and not just an insurance policy. We are a manufacturing company. I was also trying to get a better understanding of the types of customers we currently serve and what the risk is if any data from those types of business is compromised. You know the analogy that infosec is like the brakes on a car: they are not there to slow you down but so you can go faster. Maybe you can get better use of that analogy than I can ;)

The result of this conversation was that I was told that I should know enough about the business to propose a plan that is benchmarked against other similar-sized organizations in the same industries. So, where this leads me is: where do I find information about infosec postures at organizations similar in size ($500M-1B in revenues) and in industry (manufacturing)? I know that I can ask you folks as peers, and I am definitely grateful and appreciate your assistance, but do you have any sources where you get similar information?

Thanks for any feedback, and I hope everyone has a safe and happy holiday season & may 2007 be a great year for all!!

Regards,
Troy Tate
