Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Policy-Procedure connection

from [alan_willcox] Network Security [Permanent Link]
Subject: Re: Policy-Procedure connection
Date: Tue, 19 Oct 2004 08:34:23 -0400 
Again, I recommend the ISF Standard of Good Practice, which encompasses 
ISO 17799 (it's a great complement to the ISO standard), and gives 
specific implementation specifications with regard to ownership review, 
etc. Based on our experience over the past year, I highly recommend it.
It's available for no charge at http://www.isfsecuritystandard.com/
--- Alan Willcox
The Vanguard Group
("The views expressed here are mine and do not reflect the official opinion 
of my employer or the organization through which the Internet was 
accessed".)





"Sharon Steinbock" <sharon@mimransteinbock.com>
10/18/2004 04:07 AM

 
        To:     <security-management@securityfocus.com>
        cc: 
        Subject:        Policy-Procedure connection





Hello,

I am looking at implementing an ISO 17799 framework.
Getting the policies right is not an easy task, but I find the topic
well documented, with many sample policies I can use.
However, when it comes down to "translating" my policies to specific
procedures I am lost. Some questions:
- Who should write each procedure? The procedure owner, his boss,
someone higher up?
- Where can I find some sample procedures?

Any other insight regarding the policy-procedure gap will be highly
appreciated.

Thanks,
Sharon
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Policy-Procedure connection, Sharon Steinbock
Next by Date:  RE: Policy-Procedure connection, Garbellini, Kate (AU - Melbourne)
Previous by Thread:  Policy-Procedure connection, Sharon Steinbock
Next by Thread:  RE: Policy-Procedure connection, Nimrod Steinbock
Indexes:  [Date] [Thread] [Top] [All Lists]