So I'm interested in Wish number #1. I'm not sure I fully understand
what you think could help manage the day to day life in the info sec
dept.
Can you expand?
As for the others I'd be interested in the different sites people have
for policies.
Jason Bevis
CISSP, ISSMP
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of seclists008 (at) hushmail (dot) com [email concealed]
Sent: Wednesday, February 07, 2007 9:34 AM
To: psrc (at) securityfocus (dot) com [email concealed]
Subject: Re: Food for Thought
I hope people are going to wake up and smell the coffee about
compliance. You can't buy technical security tools to help you achieve
compliance against many of the regulations. As soon as people realize
that we can all focus on the important work.
I hope finally people will stop focusing on the network and focus on the
information.
5 Wishes
1. Someone would build a decent open source platform to manage day to
day life in an info sec dept. I am tired of building things myself.
2. Someone will educate regulators / regulators will consult the
industry about best practices. Note PCI specifiying web application
firewalls is almost criminal 3. People will get back to basics and then
tackle the cream 4. Someone releases some decent policies and standards
for free!
5. My boss will roll up in a heap and keel over
ListStimulation(nudge);
Anyone playing the "Whats hot and whats not at RSA this week"? More NAC,
less DAC or is it more red buttons and tools with compliance written on
the box? Is there anything truly cool happening in the security industry
today?
If not why not? If yes, what is it? If you had 5 wishes on the industry
what would they be?
ListStimulation(relaxed);
--
Click for free info to become an interior designer & be your own boss
http://tagline.hushmail.com/fc/CAaCXv1QGcWmKQwg4WLEoonedZdjtvZT/
what you think could help manage the day to day life in the info sec
dept.
Can you expand?
As for the others I'd be interested in the different sites people have
for policies.
Jason Bevis
CISSP, ISSMP
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of seclists008 (at) hushmail (dot) com [email concealed]
Sent: Wednesday, February 07, 2007 9:34 AM
To: psrc (at) securityfocus (dot) com [email concealed]
Subject: Re: Food for Thought
I hope people are going to wake up and smell the coffee about
compliance. You can't buy technical security tools to help you achieve
compliance against many of the regulations. As soon as people realize
that we can all focus on the important work.
I hope finally people will stop focusing on the network and focus on the
information.
5 Wishes
1. Someone would build a decent open source platform to manage day to
day life in an info sec dept. I am tired of building things myself.
2. Someone will educate regulators / regulators will consult the
industry about best practices. Note PCI specifiying web application
firewalls is almost criminal 3. People will get back to basics and then
tackle the cream 4. Someone releases some decent policies and standards
for free!
5. My boss will roll up in a heap and keel over
ListStimulation(nudge);
Anyone playing the "Whats hot and whats not at RSA this week"? More NAC,
less DAC or is it more red buttons and tools with compliance written on
the box? Is there anything truly cool happening in the security industry
today?
If not why not? If yes, what is it? If you had 5 wishes on the industry
what would they be?
ListStimulation(relaxed);
--
Click for free info to become an interior designer & be your own boss
http://tagline.hushmail.com/fc/CAaCXv1QGcWmKQwg4WLEoonedZdjtvZT/
[ reply ]