Security Basics mailing list archives
RE: Corporate Security Status
From: "James Kivisild" <james () kivisild com>
Date: Mon, 9 Feb 2004 22:30:13 -0500
I would like to develop a quarterly security review of my company I can hand to my boss. Basically, I want to create a one page high level summary of what we're doing right and where we are lacking. Does anyone know of any templates out there?

You're really opening up something here...basically, a lot of questions. I think the biggest question you need to ask yourself is, what concerns your boss? After all, don't you think it would be an incredible waste of effort for you to put in a great deal of work on something that your boss has no interest in?
Respectfully, I must disagree. Your employer's opinion should have nothing to do with your security policy, or any reporting of such. You need to create a report that is honest and accurate. Your report should be as large as necessary. Don't skimp on details just to save space. If you think it's important, include it in the report.

You are, however, correct in including a high level summary. This executive summary should highlight the important findings and reference the details. If your boss wants to read about the specifics, he or she should be able to easily find them in the bulk of the report. If your executive summary doesn't contain anything that warrants further attention, so be it; keep the report for posterity and don't worry about the extra work. Don't do yourself and your company a disservice by tainting the truth.

As for a standard template, I think that depends on the nature of your business. Make a checklist of the security practices you should follow for your industry, and report on how your company deviates from ideal conditions. As far as protecting your company from generic Internet based vulnerabilities, determine what your servers are susceptible to, and report as necessary. If you don't report something and it bites you in the butt, isn't it YOUR job on the line?

Regards,
James Kivisild