Security Basics mailing list archives
TruSecure Organization
From: tony tony <tonytorri () yahoo com>
Date: Thu, 9 Jan 2003 18:23:17 -0800 (PST)
David/Tony, In our organization, we recently entered into a similar agreement with TruSecure (without my blessings/input). Our CIO just wants their certification stamp....little does he realize the resistance/apathy for security by our people (ie server/router/firewall). I will have to play "middle man" between TruSecure and the IS folks and my concern is that if we do not get certified, then our group will get the blame. Tony IS Security Manager --- David Eaves <ideaves () yahoo com> wrote:
I was thinking about a partnership with them about six months ago, and found that they are a mixed for-profit corporation (with reasonably good business rep), and a not-for-profit network security organization trying to promote a security certification to serve the commercial purposes of the for-profit part. Which made me pull back. Real security is not proprietary. Do business with the corporation, knowing full-well that they are in business to turn a profit like any of us. They seem competent and reasonably well run, but I'd steer clear of their proprietary cert and any claims it has other than legally binding assumption of liability. Make sure one of their CISA or CISSP personnel signs the audit.. that's what really matters. Consider the free CIS rulers as a more objective measure: http://www.cisecurity.org I'd be curious myself about details of how well they interface day to day. Dave Eaves Internet Security Corporation --- Tony Toni <tony572000 () hotmail com> wrote:From: "Tony Toni" <tony572000 () hotmail com> To: CISACA-L () purdue edu, SECURITY-BASICS () SECURITYFOCUS COM Subject: TruSecure Organization Date: Thu, 09 Jan 2003 18:51:00 +0000 Hi, Has anyone used TruSecure Organization to supplement their security efforts? A short background is our IT Department will be using the TruSecure to help ensure that the security for servers (Unix, Win2K/Nt, Aix) and Cisco routers is proper. I was curious about how the following groups interfaced their daily work efforts with TruSecure: internal/external auditors, IT Security, Server/Network Staff, etc. Tony CIA,CISA,CDP,MBA Security and Audit Services Nations Banking & Trust__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Current thread:
- TruSecure Organization Tony Toni (Jan 09)
- <Possible follow-ups>
- TruSecure Organization tony tony (Jan 11)