Re: Security Starts With Policies

[Michael Lubinski <michael.lubinski () gmail com>]

I realize this is a huge question and most of the times unanswerable.
Building a policy structure for a company, then implementing it from the
ground up, is a huge undertaking and has me a bit overwhelmed. Bit by bit I
guess.

On Tue, Mar 1, 2011 at 7:53 AM, Chesmore, Michael [DAS] <
Michael.Chesmore () iowa gov> wrote:

> Wow, huge question….
>
>
>
> Not sure that this will be all that helpful but there is a pretty good book
> on Security Metrics called “Security Metrics, Replacing Fear, Uncertainty
> and Doubt” by Andrew Jaquith
>
>
>
> I like the ideas in it but liking ideas and implementing them are worlds
> apart sometimes.
>
>
>
> Mike
>
>
>
> *From:* pauldotcom-bounces () mail pauldotcom com [mailto:
> pauldotcom-bounces () mail pauldotcom com] *On Behalf Of *Michael Lubinski
> *Sent:* Monday, February 28, 2011 2:10 PM
> *To:* Pauldotcom () mail pauldotcom com
> *Subject:* [Pauldotcom] Security Starts With Policies
>
>
>
> As it stands many think that security starts with solid policies and
> procedures. Every good policy and procedure will have a scope. I am in the
> midst of taking an organization and applying some best practices with some
> audit requirements. How do you scope a project that is based on best
> practices and encompasses everything from servers, routers, switches,
> firewalls, and unused network drops?
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com