Firewall Wizards mailing list archives

Re: tunnel vs open a hole


From: mag () bunuel tii matav hu (Magosányi Árpád)
Date: Fri, 11 Apr 2003 06:11:32 +0000

My mail client thinks that George Capehart wrote the following:
professionals.  There *does* exist a well-defined IT governance model:  
see http://www.isaca.org/cobit.htm.  There is also a model for 
accountability that I personally like (but at which everyone would like 
to duck and run for cover) . . . see 
http://csrc.nist.gov/sec-cert/SP-800-37-v1.0.pdf (the certification and 

My favourite mania recently!

Add BS7799-2:2002 (not to be confused with ISO17799, which is crap), and you have the whole
IT security covered. Just realize which methodology is the best for
which area (CC: technical controls and requirements, Cobit: processes,
roles, and responsibilities, BS7799-2: process control model) and
understand that IT security is a continually enhancing and changing process
which should be handled in an integrated way with other process control
models: ISO900x, IT strategy, etc.
All of these methodologies (maybe with the exception of CC) try to cover
all areas of security, but they all have _one_ area where they are
useable. And of course a methodology is just a methodology. To make
it useful, you have to use your brain and common sense.

-- 
GNU GPL: only from a pure source
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

