Firewall Wizards mailing list archives
RE: Paper on why I need a security Assessment
From: "Moore, James" <James.Moore () MSFC NASA GOV>
Date: Wed, 2 Feb 2000 11:14:58 -0600
Sounds like you're talking about risk management - that's the "why" for doing a security assessment. I'd recommend you take a look at some of the material at NIST's website first. They have done some good work, and their material is free of vendor/consultant bias - your tax dollars at work :). If you're interested go to: http://csrc.nist.gov and search for the following documents: NIST Special Publication 800-18, NIST Special Publication 800-12, (see Chap 7 for an overview, Chap 20 for a case study) Jim Moore 256.461.4381 ----------- PGP PUBLIC KEY FINGERPRINT ------------ 1D9C 3AC3 34E6 EEDF 22B9 7886 7797 6908 048F 049B ---------------------------------------------------
-----Original Message----- From: Matt McClung [SMTP:mmcclung () ndwcorp com] Sent: Tuesday, February 01, 2000 3:09 PM To: firewall-wizards () nfr net Subject: Paper on why I need a security Assessment I am looking for a good paper on why a company should perform a security assessment. Not the What is an assessment type of paper, but a WHY - If I don't do anything then what? Example: If you don't check the configuration of your web server, you may leave a default server setting that allows for a system compromise using a well known scripting tool. Anyone have a link to something like this? Matt
Current thread:
- Paper on why I need a security Assessment Matt McClung (Feb 01)
- Re: Paper on why I need a security Assessment Bennett Todd (Feb 02)
- RE: Paper on why I need a security Assessment Omar T. Fahnbulleh (Feb 06)
- Re: Paper on why I need a security Assessment Bennett Todd (Feb 06)
- RE: Paper on why I need a security Assessment Omar T. Fahnbulleh (Feb 06)
- <Possible follow-ups>
- Re: Paper on why I need a security Assessment Antonomasia (Feb 02)
- Re: Paper on why I need a security Assessment jason . wang (Feb 02)
- RE: Paper on why I need a security Assessment Doty, Ted (ISSAtlanta) (Feb 02)
- RE: Paper on why I need a security Assessment Moore, James (Feb 02)
- Re: Paper on why I need a security Assessment Bennett Todd (Feb 02)