Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

defining change control severity

from [Laurin Buchanan] Network Security [Permanent Link]
Subject: defining change control severity
Date: Thu, 11 Aug 2005 17:12:07 -0400 
Greetings everyone,

We are currently trying to come to a working definition of 'major' versus
'minor' change in our development process. At present we have a weighted
scale that factors in the Type, Impact and Degree of Difficulty of the
change, as indicated below:

Type of Change  
 Version Upgrade (new system)   A
 Functional Enhancement                 B
 Bug Fix / Error Correction             C
        
Impact of Change        
 Direct Financial Statement Impact      A
 Direct Customer Function Impact        B
 Behind the scenes                      C
        
Degree of Difficulty of Change  
 Major Complexities                     A
 Minor Complexities                     B
 Straight Forward - nothing complex     C
        
If there is an "A" in any of the three categories, it is deemed a major
change. A response of all "B" is likewise deemed major; everything else is
minor.

This is rudimentary at best and still involves judgment calls by
individuals, something we'd like to keep to a minimum. If anyone has
suggestions based on their own work in this regard or can provide links to
useful reference material, I'd appreciate hearing from you.

Thanks in advance, 

Laurin Buchanan, CISSP
Information Security 
MSC Industrial Direct
v: 516.812.1358
This e-mail is intended for the use of the addressee(s) only and may contain
privileged, confidential, or proprietary information that is exempt from
disclosure under law. If you are not the intended recipient, please do not
read, copy, use or disclose the contents of this communication to others.
Please notify the sender that you have received this e-mail in error by
replying to the e-mail. Please then delete the e-mail and destroy any copies
of it. Thank you.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Bay Area Security User Group, Salaets, Steven
Next by Date:  Re: Is there any way to measure IT Security??, Andrew Stewart
Previous by Thread:  Bay Area Security User Group, Salaets, Steven
Next by Thread:  RE: defining change control severity, Brunner, Mark
Indexes:  [Date] [Thread] [Top] [All Lists]