Network Security Security-Management
Re: Question on Standards

Subject: Re: Question on Standards
Date: Thu, 13 Jan 2005 13:28:32 -0600
Not to be too redundant here, but there's no silver bullet. While all of Martin's examples are accurate, I'm sure he would agree that the list is not all-inclusive, nor was it intended to be. At the end of the day, there are probably more "standards" than people know what to do with, particularly when you start to branch out your search parameters by industry and locale: Healthcare, FiServ, Energy in the US/Europe/PacRim, and so on.

So, to answer your question, I would probably suggest that you narrow your focus by locale/industry, then company (mission, size et al.), and then develop specific objectives based on the aforementioned. Then, and only then, can you either a.) hunker down to do some serious reading; or b.) retain a specialist to help develop a standards roadmap (not an offer), that is, match your requirements to standards-related objectives/requirements.

Good Luck!

Regards....

Martin Dion wrote:

Good afternoon

People = There is the People CMM from Carnegie Mellon
Customer Management = There is ITIL or Microsoft Operation/Solution Framework
IT Process and IT Management = CoBIT, ITIL and CMMI
Software Development = XP, CMMI, RUP, Common Criteria, NIST, IEEE/ISO
Admin and Facilities = NIST, BS7799, RCMP, US Militaries

By the way, CoBIT is not that generic. That is a widespread perception, but if you look at CoBIT in depth, it includes Performance Goals, KPIs and Control Objectives.

Martin Dion, CISM
Chief Technology Officer
FIRST Representative - AboveSecCERT

Above Security
Phone: (450) 430-8166 #103
Fax: (514) 370-8335
Cell: (514) 831-5427
Email: martin.dion@abovesecurity.com

This message and any attachments are confidential and intended solely
for the addressee. If you have received this message in error please
delete it and notify Above Security immediately, telephone number (450)
430-8166. Any unauthorized use, alteration or dissemination is
prohibited. Above Security accepts no liability whatsoever for any loss,
whether it be direct, indirect or consequential, arising from
information made available and actions resulting there from.

-----Original Message-----
From: sanjiv [mailto:ska262001@yahoo.co.in]
Sent: January 13, 2005 4:31 AM
To: security-management@securityfocus.com
Subject: Question on Standards


What are the specific industry standards relevant to
1) People
2) Customer management
3) IT processes and IT management
4) Software development
5) Admin and facilities

We are not looking for a generic standard like COBIT
but standards which address each of these areas in
detail...

Best Regards,
Sanjiv Agarwala