
RE: practical Security Management reference

Subject: RE: practical Security Management reference
Date: Mon, 18 Oct 2004 09:27:27 +1000
Hi Jeff,
    I don't have any links on any case studies, but if you are looking at
implementing an information security management system for a large
organisation you should be looking in the direction of industry standards
and legislation in your country.
 
ISO 17799 is worth looking into for certification or just to receive the
publications as a reference.  17799 details the required steps to
implementing an Information Security Management System.  A benefit you will
see of using such a standard is using a risk-based approach to handling
information security instead of a sys admin best practice approach.  By implementing
17799 you will see policies and procedures flowing through different areas
of your organisation ultimately changing the culture of an organisation to
be more security focused.
 
SANS has some example policies.
http://www.sans.org/resources/policies/
 
NIST and RFCs are also a great place to look.
http://csrc.nist.gov/publications/nistpubs/
 
The Institute for Security and Open Methodologies (ISECOM) also has an open
source testing methodology.
http://isecom.securenetltd.com/osstmm.en.2.1.pdf 
 
 
Hope some of these links help you out.
 
Kind Regards,
    Jason Tedesco



  _____  

From: Jeffrey Choi [mailto:jeffreychoi77@yahoo.com] 
Sent: Monday, 4 October 2004 2:10 PM
To: security-management@securityfocus.com
Subject: practical Security Management reference


Hi all,
 
Can anyone recommend a practical information security management
reference book? 
 
Better with real-world case studies showing how other large enterprises
manage their information security rather than only theoretical ones.
 
thx
Jeffrey 


