Re: Security markers

["Shawn A. Corrello" <shawnc () legolas sinnerz us>]

What do you assess on a monthly basis? Do you do monthly 
vulnerability/risk assessments, ect?

A general security report may include things like:

-Review of security "incidents" which occurred, along with resolutions and 
long term corrective actions, ect.
-Review of discovered vulnerabilities and actions being taken to correct 
them.
-Review of security-related projects (security technology implemenations, 
ect).
-Review of completed routine security activities (log archival, number of 
remote connections logged, number of added users, number of terminated 
users, ect).

A general report like this is very contigent upon the security posture and 
infrastructure which you have in place- without knowing these details it's 
tough for me to postulate a better respose.

Good luck.
SC

On Sun, 2 Mar 2008, Martin M Samson wrote:

> Hi group!
>
>
> I'm building a security report for internal use.
>
>
> What would be the best markers to include in this monthly report to
> management?
>
>
> Right now we don't have any restriction on the number of items we can put in
> the report but we would like something concise.
>
>
>
> Thanks!
>
>
>
> Mork.