Re: Paper on why I need a security Assessment

[jason.wang () us pwcglobal com]

Matt

  A good resource to turn to the CERT/CC at   http://www.cert.org

   You will find the necessary documentation in the reports section.   Here are
a few article titles you can search for:

     Avoiding the Trial-by-Fire Approach to Security Incidents
Moira West-Brown

     What Messages Are You Sending to Vendors?                    Moira
West-Brown, Shawn V. Hernan

Julia Allen from CERT leads a team that produces solid documentation and
presentation materials on the security assessments and
common pitfalls.    You can find some of those reports in the Security
Improvement Modules

I hope this helps

jtw






Matt McClung <mmcclung () ndwcorp com> on 02/01/2000 04:09:09 PM

Please respond to Matt McClung <mmcclung () ndwcorp com>





To:   firewall-wizards () nfr net
cc:
Subject:  Paper on why I need a security Assessment



I am looking for a good paper on why a company should perform a security
assessment.  Not the What is an assessment type of paper, but a WHY - If I
don't do anything then what?

Example:  If you don't check the configuration of your web server, you may
leave a default server setting that allows for a system compromise using a
well known scripting tool.

Anyone have a link to something like this?

Matt


----------------------------------------------------------------
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material.  Any
review, retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the
intended recipient is prohibited.   If you received this in error, please
contact the sender and delete the material from any computer.