Security Basics mailing list archives
Re: Question regarding the best practicies on information security structure within the organization
From: Clement Dupuis <clement.dupuis () gmail com>
Date: Wed, 29 Jun 2011 22:41:20 -0400
Your message mentions:

"with technically skilled people that decide which information security precautions are taken"

I have very rarely seen Technical People decide on security. If they do, something is wrong. However, I can see technical people implementing mechanisms required to achieve the company security goals, which would be defined in the company overall security plan.

It has to start at the top to be effective. Management will provide you with time, people, and money. All three are necessary to achieve security.

You need a holistic view and not only an administrative, or technical, or physical view. All three aspects must be followed.

Best regards

Clement

Clement Dupuis, CD
Chief Learning Officer (CLO) and Security Evangelist
SecureNinja
An Insyte Company
Phone : +1 407 479 3903
Mobile: +1 407 433 6444
Fax: +1 407 264 8396
Skype: clementdupuis
Email: clement () secureninja com
Web: www.secureninja.com
901 N. Pitt Street, Suite 105
Alexandria, VA 22314

In Cyberspace:
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
------------------------------------------------------------------------
Maintainer of :
The CCCure Family of Portals http://www.cccure.org
The Professional Security Testers Warehouse http://www.professionalsecuritytesters.org
Knowledge sharing and giving back to the community
------------------------------------------------------------------------
Call me to get the best CISSP, Security+, or other Security related training <<
------------------------------------------------------------------------

On Wed, Jun 29, 2011 at 06:21, <websicher () gmail com> wrote:
Hi M.,

According to my experience, the bigger a company is, the less one is taking care of information security (other people may have other experiences).

Of course officially it's always a "big topic", but oftentimes the only result is a high amount of self-defined bureaucracy with no one knowing any details on e.g. the technology of websites they are assessing.

At least in my experience, only in very rare cases is there a dedicated person / department available with technically skilled people that decide which information security precautions are taken.

I've tested various websites in the pharma business with the result that most of them are medium to highly vulnerable against web attacks.

Therefore I conclude that IT security and associated processes oftentimes exist on paper, but that indeed they aren't "lived actively".

That's concerning bigger companies only - maybe others can post their experience with smaller companies or from other perspectives.

BR
Pascal

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------