Security Basics mailing list archives
Re: Basic Computer Security Advice Needed
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Fri, 16 May 2008 12:31:44 -0700
The SANS Reading Room is your friend - look for it on http://www.sans.org. Also, a couple of words of advice. First, make sure that the OSes you're using are supported by the vendor. If any of them are too old for vendor support ('fer instance, Win9x, and Pre-OSX Macs) make sure they don't have access to the Internet, or any network, for that matter. Second, make sure they're patched. Beyond that, what you need to do will depend on your circumstances. Kurt On Fri, May 16, 2008 at 10:52 AM, Mark Goodridge <mrgoodridge () roadrunner com> wrote:
I am what passes for the computer technology guy at a small elementary school. I'm trying to improve the security of the information we store on our computers and I hope this list can give me some advice. First, I'm looking for an appropriate definition of information security as it would apply to my situation. "If I don't know what it is, how will I know when I've found it?" Second, I need to write a policy or a checklist, or a document of some sort we can use to evaluate, monitor, and improve our computer/information security. We're constrained by time, training, and money. Any policy I devise has to be capable of being implemented and managed by people with modest computer skills (the equivalent of the CompTIA A+ or Network+) with limited time available, and for all practical purposes, no funding. I realize that under these circumstances an extremely high level of security is unobtainable and probably unnecessary in any event. What I hope to be able to do it to make the information on the LAN secure from the casual hacker and all but the most persistent attacks from those who might deliberately target our network. Can you direct me toward any resources; particularly security definitions, security frameworks, or security policies that you think might assist me? I have done the usual Google searches and come up with an overwhelming list of web sites but I was wondering if you knew of anything that specifically addressed my problem. Thank you for your assistance, Mark Goodridge
Current thread:
- Getting the value of an asset and the probability of a risk to it, (continued)
- Getting the value of an asset and the probability of a risk to it Rivest, Philippe (May 16)
- RE: Getting the value of an asset and the probability of a risk to it Sergio Castro (May 16)
- Re: Getting the value of an asset and the probability of a risk to it Jon Kibler (May 17)
- RE: Getting the value of an asset and the probability of a risk to it Craig Wright (May 18)
- RE: Getting the value of an asset and the probability of a risk to it Murda Mcloud (May 20)
- RE: Getting the value of an asset and the probability of a risk to it Craig Wright (May 21)
- Getting the value of an asset and the probability of a risk to it Rivest, Philippe (May 16)
- RE: Getting the value of an asset and the probability of a risk to it Craig Wright (May 18)
- RE: Getting the value of an asset and the probability of a risk to it Rivest, Philippe (May 20)
- RE: Getting the value of an asset and the probability of a risk to it Craig Wright (May 21)
- Re: Getting the value of an asset and the probability of a risk to it Jon Kibler (May 16)
- Re: Basic Computer Security Advice Needed Gustavo V G C Rios (May 18)
- Re: Basic Computer Security Advice Needed Gleb Paharenko (May 20)