Security Basics mailing list archives
RE: Is there any way to measure IT Security??
From: "Marriott, Bill (US - Dallas)" <bmarriott () deloitte com>
Date: Wed, 3 Aug 2005 15:55:22 -0400
This is a good list, but somewhat incomplete. I think you should consider that security is not a destination, it is a process. There are plenty of sources out there that you can measure yourself against, from a process point of view. Check out the ISO17799 standard or the BS7799 standard, they outline the processes which go into a well developed security program. Or look at the Generally Accepted Information Security Principles (under development - http://www.issa.org/gaisp/gaisp.html). The NSA IAM/IEM is a methodology for managing controlled penetration/vulnerability for a particular system/app. The OWASP is for web application testing. These might give you an idea of security posture of one server or application, but not overall for your company. This kind of testing makes up a small amount of managing a secure organization. Take a look at the new ISO version, 2005. This fall, there will be a different ISO standard, 27001, which will allow a company to be certified against the standard. http://www.iso.org/iso/en/commcentre/pressreleases/2005/Ref963.html Hope that helps. /bpm -----Original Message----- From: John Alexander [mailto:aj () adexec com] Sent: Wednesday, August 03, 2005 4:21 AM To: Gary Everekyan; irony () trini org; toto () playon co id Cc: pen-test () securityfocus com; security-management () securityfocus com; secpapers () securityfocus com; focus-linux () securityfocus com; libnet () securityfocus com; firewalls () securityfocus com; security-basics () securityfocus com Subject: Re: Is there any way to measure IT Security?? Basically IT Security covers a gamut of areas, i am just listing some , on the fly * Antivirus Solutions * Intrusion Prevention * Intrusion Detection * Patch Management * Firewall * VPN Gateway * Vulnerability Assessment & Reporting * Identity Access Management (single-sign-on, SOX/HIPAA/GLB compliance....) * Network Security * Security Policy Compliance Management * AntiSpam (mail protection software) * Web Content Filtering I'm not sure whether we have one-size-fits-all solution which can help us in measuring your enterprise IT Security posture. I can list some good tools i have come across personally like NMap, ScanFi, Nessus, IdentityAccess Manager,GFI ....but the list is endless, so give them a try in google :-) ----- Original Message ----- From: "Gary Everekyan" <karo.onnik () bluetie com> To: irony () trini org, toto () playon co id Subject: Re: Is there any way to measure IT Security?? Date: Tue, 02 Aug 2005 14:32:30 -0400
Google Risk reporting and you will get whole list of research links. It would also be helpful to look at owasp www.owasp.org HTH Regards, Gary Everekyan CISSP, CISM, ISSAP, ISSPCS, MCSE, MCT garyeve () Microsoft com "High achievement always takes place in the framework of high expectation" -Jack Kinder -----Original Message----- From: "Larry Marin (Irony Account)" [irony () trini org] Date: 08/02/2005 01:09 PM You should check out NSA IAM/IEM Methodology...it works well for me. http://www.iatrp.com/iam.cfm Toto A Atmojo wrote:Dear all, Currently I'm looking for a tool, or a technique to measure IT
security?
The baseline for security is CIA (Confidentiality, Integrity and Availability), that is every organization which want to called secure must be guarantee that their system comply this matter. But the problem is, we need a tool/technique to measure how secure are we. Therefore, wee need a tool/technique to measure how close that our system status now to CIA. Please share your experience about this matter. If there any link about this issue, I really appreciate if you share to us (You may contact me privately) . Best Regs, Toto
-- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm ------------------------------------------------------------------------ ------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 ------------------------------------------------------------------------ ------- This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. [v.E.1]
Current thread:
- RE: Is there any way to measure IT Security?? Jose Varghese (Aug 02)
- <Possible follow-ups>
- Re: Is there any way to measure IT Security?? John Alexander (Aug 03)
- Re: Is there any way to measure IT Security?? Alberto Cardona II (Aug 03)
- RE: Is there any way to measure IT Security?? Marriott, Bill (US - Dallas) (Aug 03)