
RE: A question on security guidelines

Subject: RE: A question on security guidelines
Date: Thu, 23 Sep 2004 09:22:56 -0700
SANS has an ISO 17799 Audit Document that you can download...  Might be
useful if you decide to go this route.  I am also a big fan of COBIT for
this type of work.  
 
Thanks,

========================
Brad Bemis, CISSP, CISA, CBCP
Supervisor - Enterprise Security
Nordstrom, Inc.
========================
Nordstrom's commitment to
superior customer service extends
to proper protection of the sensitive
personal information entrusted to us
by our customers.


From: Richard.Sullivan@neupart.com [mailto:Richard.Sullivan@neupart.com]
Sent: Thursday, September 23, 2004 8:45 AM
To: miker@otunet.com; security-management@securityfocus.com
Subject: Re: A question on security guidelines

Hi Mike, 

In a perfect world, the client's written security policy should be
comprehensive enough to cover all areas of information security, then
you could simply check each policy rule against their actual practice to
make sure it's in compliance. However, in the real world that's not
usually the case. Many companies have been failing Sarbanes-Oxley audits
at the policy step, which is the first thing the auditors look at. And
I'm talking about companies you'd think would know better. 

The ISO 17799 standard is excellent to use as a guide for verifying
every aspect of a security program. There are lots of web sites with
such guidelines posted, but if there's no policy in place, you're just
wasting your time and theirs.

- Rich

From: Mike Rodriques <miker@otunet.com>
Date: 09/23/2004 12:02 AM
Please respond to: miker@otunet.com
To: security-management@securityfocus.com
cc:
Subject: A question on security guidelines

I am wondering if you all can point me in the right direction to find a
template or guide that I can use to evaluate the overall security on a
client network.  I am looking for something along the lines of a
questionnaire or something of that nature.
Thanks in advance


Mike Rodriques
Principal
Open Technologies Unlimited
"We make IT go"
mailto:miker@otunet.com
http://www.otunet.com
(914) 481-6128
(914) 481-6133 Fax
(914) 548-5646 Mobile