Re: Security markers

[p1g <killfactory () gmail com>]

Shawn,

Good stuff. I like the projects section.

Amrtin,

I you have any long term goals/projects, you could report milestones
and deadlines that have been met.

RFQ?RFP you are in the process of writing.

Plans for future business cases.

Maybe staffing information. Like the amount of time being spent on
vairous functions.

-Rob

On 3/3/08, Shawn A. Corrello <shawnc () legolas sinnerz us> wrote:
> What do you assess on a monthly basis? Do you do monthly
> vulnerability/risk assessments, ect?
>
> A general security report may include things like:
>
> -Review of security "incidents" which occurred, along with resolutions and
> long term corrective actions, ect.
> -Review of discovered vulnerabilities and actions being taken to correct
> them.
> -Review of security-related projects (security technology implemenations,
> ect).
> -Review of completed routine security activities (log archival, number of
> remote connections logged, number of added users, number of terminated
> users, ect).
>
> A general report like this is very contigent upon the security posture and
> infrastructure which you have in place- without knowing these details it's
> tough for me to postulate a better respose.
>
> Good luck.
> SC
>
> On Sun, 2 Mar 2008, Martin M Samson wrote:
>
> > Hi group!
> >
> >
> > I'm building a security report for internal use.
> >
> >
> > What would be the best markers to include in this monthly report to
> > management?
> >
> >
> > Right now we don't have any restriction on the number of items we can put in
> > the report but we would like something concise.
> >
> >
> >
> > Thanks!
> >
> >
> >
> > Mork.


-- 
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke