Security Basics mailing list archives
RE: Law office recommendations?
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Tue, 18 Feb 2003 11:27:52 -0000
Hello Tim,

I re-drafted my reply several times on this one. Firstly, I hope it stays because it is a good topic. Anyway, I would say go with the standards guideline ISO17799 (http://www.certificationeurope.com/isms.htm and other sites), which gives you a baseline to work with that is internationally recognised. Also gives you a standpoint if challenged.

What am I saying? "My opinion is you don't want a customer thinking your report is simply your opinion on what is a secure environment. Certainly go beyond the standards where you see fit but have reached a baseline for your customer. That way, worst case scenario they challenge your work then you can refer back to a recognised standard. The risk analysis is easy this way as you simply look for what controls from the standard they do not have in place."

One thing I would like to point out is that the ISO17799 standard or the BS7799/IS17799 certification that can be achieved can be for PART of a company or a department in a company or even a service the company provides. One building even is enough. You scope the area for certification; it does not have to be the whole building or the whole company.

Do look further than the ISO7799 guidelines if you are considering certification; refer to your local certification body such as Certification Europe (http://www.certificationeurope.com).

In your case, Tim, your customer may benefit greatly from achieving the standard and will be very happy with you for getting them to that level.

I hope this helps and is relevant to you.

Trevor Cushen
Sysnet Ltd
www.sysnet.ie

-----Original Message-----
From: Tim Heagarty [mailto:tim () heagarty com]
Sent: 17 February 2003 17:36
To: security-basics () securityfocus com
Subject: Law office recommendations?

Hello,

I wish to pick the collective brain for a moment if I may. I am working up an initial service quote for a law office of 100+ associates and 45+ attorneys. Do you have any recommendations of areas to be sure to get into the Risk Analysis? They've already been hit by Slammer and a script kiddie "pubber". I just want to be on my toes as I have not worked for attorneys before and all those sharks in the water makes me want to do this one really well.

Also, if there's a more appropriate list for this I'd be glad to move this discussion to it.

Thanks everyone,

Tim Heagarty MCSE, MCP+I
"There are only 10 kinds of people in the world, those that understand binary, and those that don't."
Work: (928) 636-0489
Cell: (928) 533-9690