Security Basics mailing list archives

TruSecure Organization


From: tony tony <tonytorri () yahoo com>
Date: Thu, 9 Jan 2003 18:23:17 -0800 (PST)

David/Tony, 

In our organization, we recently entered into a similar agreement with
TruSecure (without my blessings/input).  Our CIO just wants their certification
stamp... little does he realize the resistance/apathy for security by our
people (i.e. server/router/firewall).  I will have to play "middle man" between
TruSecure and the IS folks and my concern is that if we do not get certified,
then our group will get the blame. 

Tony
IS Security Manager


--- David Eaves <ideaves () yahoo com> wrote:
I was thinking about a partnership with them about six months ago, and
found that they are a mixed for-profit corporation (with reasonably
good business rep), and a not-for-profit network security organization
trying to promote a security certification to serve the commercial
purposes of the for-profit part. Which made me pull back. Real security
is not proprietary.

Do business with the corporation, knowing full-well that they are in
business to turn a profit like any of us. They seem competent and
reasonably well run, but I'd steer clear of their proprietary cert and
any claims it has other than legally binding assumption of liability.
Make sure one of their CISA or CISSP personnel signs the audit... that's
what really matters. 

Consider the free CIS rulers as a more objective measure:

http://www.cisecurity.org

I'd be curious myself about details of how well they interface day to
day.

Dave Eaves
Internet Security Corporation

--- Tony Toni <tony572000 () hotmail com> wrote:
From: "Tony Toni" <tony572000 () hotmail com>
To: CISACA-L () purdue edu, SECURITY-BASICS () SECURITYFOCUS COM
Subject: TruSecure Organization
Date: Thu, 09 Jan 2003 18:51:00 +0000

Hi,

Has anyone used TruSecure Organization to supplement their security
efforts?

A short background is our IT Department will be using the TruSecure to
help ensure that the security for servers (Unix, Win2K/Nt, Aix) and
Cisco routers is proper.  I was curious about how the following groups
interfaced their daily work efforts with TruSecure: internal/external
auditors, IT Security, Server/Network Staff, etc.


Tony CIA,CISA,CDP,MBA
Security and Audit Services
Nations Banking & Trust

