Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Standards Compliance Software or Guidlines?

from [Phil Hollows] Network Security [Permanent Link]
Subject: RE: Standards Compliance Software or Guidlines?
Date: Tue, 26 Oct 2004 22:42:43 -0400 
There are lots of audit and compliance links on auditnet.org
 
Phil

        -----Original Message----- 
        From: Non Proprio [mailto:non@synaxis.org] 
        Sent: Tue 10/26/2004 6:12 PM 
        To: Andre Derek Protas 
        Cc: security-management@securityfocus.com 
        Subject: Re: Standards Compliance Software or Guidlines?
        
        

        We wrestled with the issue of how to assess Sarbanes Oxley. ISO17799 
(for us) was just a method to help meet our obligations under SOX and HIPAA.
        
        Some of the best audit guides I'm aware of are online at www.isaca.org, 
which is the home site for CoBiT. I've not tried any of the software packages, 
since what I did was to figure out how the different standards could be used to 
map a cogent overall Infosec policy. Not sure that the end result necessarily 
measured up to that, but I did a fair amount of work analyzing CoBit, ISO17799 
(2000 and 2002).
        
        I know that doesn't hit the answer square on the head, but I'm not sure 
such a comprehensive piece of software exists.
        
        
        
        On Oct 25, 2004 09:51 PM, Andre Derek Protas <randori82@hotmail.com> 
wrote:
        
        > Iâm trying to find some good resources out there for some good 
compliance
        > software or guidelines for the following audits:
        >
        > Sarbanes-Oxley
        >
        > FFIEC
        >
        > HIPAA
        >
        > ISO 17799
        >
        > 
        >
        > Anyone have any good suggestions?  Every website Iâve come across 
from
        > googling is wanting money, and itâs nearly impossible to just get 
some good
        > information on any of them with relation to an IT audit.
        >
        > 
        >
        > Thank you in advance,
        >
        > 
        >
        > Andre Derek Protas
        >
        > 
        >
        >
        > ---
        > Outgoing mail is certified Virus Free.
        > Checked by AVG anti-virus system (http://www.grisoft.com).
        > Version: 6.0.778 / Virus Database: 525 - Release Date: 10/15/2004
        >
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Guide for Business Impact Analysis, saikrishna
Next by Date:  Re: Security Classifications, alan_willcox
Previous by Thread:  Re: Standards Compliance Software or Guidlines?, Jon Miller
Next by Thread:  Integrity metrics ?, Nicolas Stampf
Indexes:  [Date] [Thread] [Top] [All Lists]