
RE: Reviewing Policies and Procedures

Subject: RE: Reviewing Policies and Procedures
Date: Fri, 14 Jan 2005 19:45:19 -0500
Folks, 

Charles Cresson Wood http://www.baselinesoft.com/products.html is an
excellent resource to have.

In addition, you might want to look into Callio  http://callio.com/. It is a
policy definition and deployment software based on ISO17799.  

Cheers, 
IK

-----Original Message-----
From: Matthew Caston [mailto:mattcaston@mchsi.com]
Sent: Thursday, January 13, 2005 2:39 PM
To: Chris Downing
Cc: security-management@securityfocus.com
Subject: Re: Reviewing Policies and Procedures


Chris Downing wrote:

Another popular one I've used, also based on the ISO standard, is NetIQ's
"Security Policies Made Easy."

Chris Downing  CISM CISSP

-----Original Message-----
From: arif.jatmoko@sea.ccamatil.com [mailto:arif.jatmoko@sea.ccamatil.com] 
Sent: Thursday, January 13, 2005 3:18 AM
To: security-management@securityfocus.com
Subject: Re: Reviewing Policies and Procedures




Hi,

The best sources for policy and procedure are based on ISO17799, the common
standard of security industries. However if you are looking for some sort of
security policy template, you could try RuSecure - Information Security
Policies at www.rusecure.co.uk. It's a collection of security policy
templates based on ISO17799, but it's not free.
SANS is also a good source for policy reference:
http://www.sans.org/resources/policies.

good luck.

Arif Jatmoko
From: "Miller, Joseph" <Joseph_Miller@jeffersonwells.com>
Date: 01/13/2005 06:12 AM
To: <security-management@securityfocus.com>
cc: (bcc: Arif Jatmoko/IDN/SEA/CCA)
Subject: Reviewing Policies and Procedures


First - CW's Policies Made Easy is a terrible resource, it's nothing more
than a clearing house (a massive one, at that) of oftentimes outdated
policy material. There is no single resource for reviewing policy, as Good
Policy is context-based, and should be organization specific. That is to
say, simply having a well-written policy does not a good policy make....it
needs to be supported, enforced, measured and practical. It should also
support the organization's business and Risk Management objectives; as should
the underlying process and standards documentation. You should view
policies in a hierarchical context looking for language which shows the
policy was crafted to meet a specific risk management objective and that it
is consistently enforced and measured. "Secure Internet Practices" (by
METASeS) ISBN 0-9704049-0-5 is one of the better books dealing with the
entire Policy and security management lifecycle, as it puts the Policy
Problem in context and looks at Security Policy from a Risk Management
perspective. DISCLOSURE: I am a former employee of and am listed as a
technical reviewer for this publication but am not compensated for its sale
and do not currently work for METASeS (META Security Group). You should be
able to get a used copy on Amazon for under 20....
 

Good Luck!




Hello,
I am a rookie at reviewing policies and procedures for information security
and IT controls.  Is there an online resource I can use to locate a
checklist of P-n-Ps?  One of my tasks is to assure that all network
infrastructure, server and mainframe subject matters are addressed?

Joe Miller
Jefferson Wells
Project Professional
Technology Risk Management
(480)540-3588


