Security Basics mailing list archives

RE: Question regarding the best practices on information security structure within the organization


From: "vedantamsekhar () gmail com" <vedantamsekhar () gmail com>
Date: Tue, 05 Jul 2011 06:16:08 +0000

Hi,
As we all know, aligning an org to info security requires entire org support top-down and not just the IT or management. 
We need to first identify what is important to the business and what needs to be protected. OCTAVE is one such standard 
that helps in identifying critical information assets and formulating the appropriate short-term/long-term mitigation 
strategies. OCTAVE-S is specifically designed for smaller organizations.

Another part is to keep the infra secure. Probably STIG checklists or NIST standards can help you harden the 
applications. You may also be interested in having org-wide vulnerability management programs to make 
hardening/patching a habit. NIST has given a good document for the org-wide vulnerability mgmt process.

Regulatory requirements/SLAs sometimes dictate that your company follow specific standards (PCI, HIPAA, etc.).
DSCI (one I know of) is coming out with a comprehensive framework which an organization can follow.
Case studies are available at these sites, which might give you an idea of how other organizations benefited from these standards.

Thanks,

Sekhar

Sent from Mobile
-----Original Message-----
From: milen.83bg () gmail com
Sent:  27/06/2011 1:15:20 pm
Subject:  Question regarding the best practices on information security structure within the organization


Hello all,
I need a hand on the following topic. I have the task to persuade my senior management of the need for a good information 
security structure within the organization. So I need something like best practices and examples of the information 
security structure within the organization. The idea is that they wanted an example of how it is done in different companies 
- medium size and large ones - as well as some references to standards (currently I am referencing ISO 27001 but they 
need more).
Please, if possible, guide me to where I can get information about the good practices and real examples of how 
information security is organized in different companies.

Thank you in advance.
Regards,
M.
