Educause Security Discussion mailing list archives

Re: Resources - NIST, Cyber Law, Benchmarking

From: Tom Steuver <steuver () EXCHANGE NKU EDU>
Date: Mon, 28 Oct 2002 07:57:07 -0500

The URL for the Center for Internet Security is http://www.cisecurity.org
<http://www.cisecurity.org> .

Tom Steuver

---------------------------------------------------------------------
Thomas Steuver        Manager of Network Systems/Security Coordinator
steuver () nku edu       Information Technology
859-572-5299          Northern Kentucky University
---------------------------------------------------------------------

-----Original Message-----
From: Tracey Losco [mailto:tracey.losco () NYU EDU]
Sent: Thursday, October 24, 2002 12:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Resources - NIST, Cyber Law, Benchmarking


Hello Krizi,

These look like very useful resources.  The Center for Internet Security
also has a number of benchmarks available that you might find useful.  Take
a look at:

http://www.cis.org

We are currently working with them in developing an Oracle benchmark and
they are in the process of developing benchmarks for SQL and AIX.

Hope you find this useful,

Tracey

--------------------------------------------------------------------
Tracey Losco
Network Security Analyst                security () nyu edu
ITS - Network Services                  http://www.nyu.edu/its/security
New York University                      (212) 998 - 3433


PGP Fingerprint: 8FFB FE47 6156 7BF0  B19E 462B 9DFE 51F5



At 11:33 AM -0400 10/24/02, Krizi Trivisani wrote:

Hello,


I have received several emails and phone calls regarding NIST, Cyber Laws,
and security benchmarking so I thought I'd share a couple of resources.  I
hope you find them helpful.


Link to NIST's Security Assessment Framework
http://csrc.nist.gov/organizations/guidance/framework-final.pdf
<http://csrc.nist.gov/organizations/guidance/framework-final.pdf>


Training - Understanding Cyber Crime - a one day class that I found very
helpful in obtaining a better grasp of the laws that impact security and how
you design your incident response program.  I attached a more detailed copy
of what the class covers.  Contact Steve Surdu, Foundstone, 202-756-1338
steve.surdu () foundstone com if you would like more information.


Benchmarking
The Humanfirewall Council offers two FREE tools that allow you to benchmark
security awareness and security management practices.  A good way to find
out where you are today and in a year from now allows you to find out how
much progress you have made.  If enough Universities participate in the
benchmark surveys, we can find out where higher education stands as a whole
regarding security.  The link is:
http://www.humanfirewall.org/ <http://www.humanfirewall.org/>


Regards,
Krizi


*******************************
Krizi Trivisani, CISSP
Chief Security Officer
The George Washington University
202/994-7803
krizi () gwu edu





  ********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/memdir/cg/.


Attachment converted: My_Covert_Stuff:Understanding_Cyber_Crime_Class
(WDBN/MSWD) (00009ABF)


********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/memdir/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

Resources - NIST, Cyber Law, Benchmarking Krizi Trivisani (Oct 24)
- <Possible follow-ups>
- Re: Resources - NIST, Cyber Law, Benchmarking Tracey Losco (Oct 24)
- Re: Resources - NIST, Cyber Law, Benchmarking Tom Steuver (Oct 28)
- Re: Resources - NIST, Cyber Law, Benchmarking Tracey Losco (Oct 28)