Security Basics mailing list archives

RE: Corporate Security Status


From: "James Kivisild" <james () kivisild com>
Date: Mon, 9 Feb 2004 22:30:13 -0500

I would like to develop a quarterly security review of
my company I can hand to my boss. Basically, I want to
create a one page high level summary of what we're
doing right and where we are lacking. Does anyone know
of any templates out there?

You're really opening up something here...basically, a lot of 
questions.  I think the biggest question you need to ask 
yourself is, what concerns your boss?  After all, don't you 
think it would be an incredible waste of effort for you to 
put in a great deal of work on something that your boss has 
no interest in?

Respectfully, I must disagree. Your employer's opinion should have
nothing to do with your security policy, or any reporting of such. You
need to create a report that is honest and accurate. Your report should
be as large as necessary. Don't skimp on details just to save space. If
you think it's important, include it in the report. You are, however,
correct in including a high level summary. This executive summary should
highlight the important findings and reference the details. If your boss
wants to read about the specifics, he or she should be able to easily
find them in the bulk of the report. If your executive summary doesn't
contain anything that warrants further attention, so be it; keep the
report for posterity and don't worry about the extra work. Don't do
yourself and your company a disservice by tainting the truth.

As for a standard template, I think that depends on the nature of your
business. Make a checklist of the security practices you should follow
for your industry, and report on how your company deviates from ideal
conditions. As far as protecting your company from generic Internet-based
vulnerabilities, determine what your servers are susceptible to,
and report as necessary.

If you don't report something and it bites you in the butt, isn't it
YOUR job on the line?

Regards,
James Kivisild


