Policy, Standards, Regulations & Compliance
(Page 1 of 12)  1 2 3 4 5 6 7 8 9 10 11  Next >
Change of Moderator, Administrivia and ISM Community Update 2007-09-25
Mark Curphey (mark curphey com)
Hi,

I just wanted to let you know that Michael Smith (Guerilla CSO -
http://www.guerilla-ciso.com ) has agreed to take over moderating this list.
Traffic has been slow of late but I am sure Michael will stimulate
discussion again. My life has taken a right hand turn and I will be
travelling a great

Advise on Internal Control Policies 2007-09-19
mr nasty ix netcom com (1 replies)
This is almost a case study. This is a relatively small shop with about 10 people in the entire IT which includes three managers, three development IT, 1 security, two sysadmins and one assistant admin, 1 tester, 1 mgr who really isn't IT and only does one small administrative job concerning IT.

RE: Advise on Internal Control Policies 2007-09-19
Jason Bevis FOUNDSTONE COM
Re: Translators and Proof Readers Wanted for the ISM Top Ten 2007-08-14
ljpsilva blueyonder co uk
I have done a course in proof reading. I have also done all my studies in English, including my professional qualifications both from the UK and the States. Presently I am semi retired because of illness, suffered a few years back. Hence I wish to do proof reading from home, and would be most grateful to

Re: Compliance Product Recommendation 2007-08-01
doug simpson bz (1 replies)
Mark, the tools that I mentioned can help automate a lot more than 25%.
I agree this would be an interesting paper or test.
My % was based on looking at the PCI doc and figuring out what parts these tools can automate. Can one of these tools do all the automation - doubtful.

If we take your log ex

Re: Compliance Product Recommendation 2007-08-09
Paolo Ottolino (paolo ottolino gmail com)
Re: Compliance Product Recommendation 2007-07-27
doug simpson bz (1 replies)
Mark,
Good question and I should add that there is no "silver bullet" for compliance.
PCI is a good example for what Mark is asking ...

Here are the 12 major parts to PCI (of course there are greater details under each one)

Build and Maintain a Secure Network
Requirement 1: Install and maintain a

RE: Compliance Product Recommendation 2007-07-28
Mark Curphey (mark curphey com) (1 replies)
RE: Compliance Product Recommendation 2007-07-28
ljknews (ljknews mac com) (1 replies)
RE: Compliance Product Recommendation 2007-07-28
Mark Curphey (mark curphey com) (1 replies)
RE: Compliance Product Recommendation 2007-07-28
ljknews (ljknews mac com)
Re: Compliance Product Recommendation 2007-07-27
doug simpson bz (1 replies)
I can give you a few but I must couch it with the following. I am a Sales Engineer. I work for Altiris/Symantec and I worked for Ecora.

Security Expressions (from Altiris) - looks at your systems (OS agnostic) from a policy stand point. You can choose a PCI policy or a CIS policy or a HIPAA poli

RE: Compliance Product Recommendation 2007-07-27
Mark Curphey (mark curphey com) (1 replies)
RE: Compliance Product Recommendation 2007-07-27
ljknews (ljknews mac com)
Compliance Product Recommendation 2007-07-27
aversetoriskman hushmail com (1 replies)
I work for a large financial services company in the mid-west and
am new to compliance and risk management. I have been tasked with
identifying a range of products I should budget for next year to
solve the security compliance needs in my company. I think these
include PCI, HIPAA and GLBA as wel

RE: Compliance Product Recommendation 2007-09-02
Tony UcedaVelez (tonyuv versprite com)
ISM Community Policies and Standards Conference Call - Saturday 3pm GMT 2007-07-13
Mark Curphey (mark curphey com)
A few of us will be having a conference call on Saturday to discuss how to
get going with a Policies and Standards project at ISM Community. In fact
Ciske Van Oosten has already done a lot of work that can be reused which you
can see on his blog http://infosec-risk.blogspot.com/. The idea is to buil

ISM Top Ten 2007 Released 2007-07-01
Mark Curphey (mark curphey com)
The ISM Community Top Ten has been finally released.

As well as the top ten itself it has some great "tips and tricks from the
field" written by some CSOs in Europe and the USA.

You can download the PDF document here

http://www.ism-community.org/files/folders/trainingandawarenessrelease/e
ntry
9

Version 1.0b1 of Open Source Risk Assessment Tool (SOBF Tool) 2007-07-01
Adrian Wiesmann (awiesmann somap org)
Hello

We from SOMAP.org recently released version 1.0b1 of our open source risk
assessment tool which is known as "Security Officers Best Friend (SOBF)".

There are many changes since the last development preview: This beta
version features a completely redesigned Risk Assessment Workflow panel.
Th

ISM Community Chapter Management Application Now in Beta 2007-06-22
Mark Curphey (mark curphey com)
ISM Community Chapter Management Application Now in Beta

The application to run ISM Community Local Chapters is now running in beta
at http://www.securitylinkup.com

For those wanting to start a local ISM Community Chapter the process is
simple;

1. Sign up for a free account at www.securitylinku

ISM Community Top Ten Release - Next Week 2007-06-22
Mark Curphey (mark curphey com)
Just a quick update. The ISM Community Top Ten will be released next week.
It's a great document including practical tips and tricks from some top
CSOs from big companies! Real world experience, really great advice.

If you are a blogger or a journalist (same thing) please drop Tim Smith
(tim@smiff

Policies and Standards Project at ISM Community 2007-06-08
Mark Curphey (mark curphey com)
Ciske van Oosten has agreed to take over the Policies and Standards project
at the ISM Community. Ciske runs a great blog focused on policies and
standards at http://infosec-risk.blogspot.com/.

The idea behind the Policies and Standards project is to build and maintain
a comprehensive and well wri

ISM Community Top Ten Draft 2007-06-04
Mark Curphey (mark curphey com)
I have just uploaded the ISM Community Top Ten Draft here.

http://www.ism-community.org/files/folders/trainingandawarenessrelease/entry946.aspx

The intention of the T10 is to provide a short and concise awareness
document. In the same genre as the SANS Top 20 and OWASP Top Ten it can be
used by

Translators and Proof Readers Wanted for the ISM Top Ten 2007-06-02
Mark Curphey (mark curphey com)
We have almost completed the ISM Community Top Ten and plan to release it in
the next few weeks.

Are there any translators who would be interested in translating it into
local languages?
Are there any proof readers who are interested in improving the grammar and
generally proof reading the final d

The ISM Community is Open Again 2007-05-03
Mark Curphey (mark curphey com)
The ISM Community is Open Again

First off an apology. When we started the ISM-Community in January, there
was lots of interest and initial activity. Lots of people wanted to start
projects and start chapters and we quickly realized it would have become
very unmanageable with the way we had the port

Wanted : Old Policies and Standards for Recycling! 2007-05-01
Mark Curphey (mark curphey com)
Yes that's right, I want your old policies and standards for re-cycling. We
have revamped the ISM-Community and are about to kick it off later this week
with an easier and simpler structure and lots of new features like mailing
lists and a custom application to manage local chapters. Formal announcem

ISM Community Washington DC Local Chapter Meeting - April 20th, City Club 2007-03-27
Mark Curphey (mark curphey com)
The ISM-Community DC Chapter would like to cordially invite everyone to its
first ever meeting.

http://www.ism-community.org/Chapters/view.aspx/Washington_DC

Agenda
-Arrivals and Introductions
-Concept of ISM-Community
-Development of the ISM-Community FISMA Top 10
-Future project ideas
-Cookies a

Open Risk Model Repository and Open Source Risk Assessment Tool 2007-03-25
Adrian Wiesmann (awiesmann somap org)
Hello list

We from the SOMAP.org project just released another development preview of
our Open Source Information Security Risk Assessment and Management
application called Security Officers Best Friend (SOBF) Tool. With this
version we introduced the implementation of the Risk Assessment Workflow

ISM Community Update 2007-03-15
Mark Curphey (mark curphey com)
General Update
The Wiki is now online. http://www.ism-community.org/ProjectsWiki/. If you
haven't used a Wiki before don't worry. Anyone with an account on the portal
can collaborate on any projects. Simply register, go to the project pages
and you can edit, add and read online with no additional st

Outsourcing Guide and Common Assessment Criteria 2007-03-03
Mark Curphey (mark curphey com)
Two interesting projects are gathering steam at the ISM-Community.

Information Security Outsourcing Guide - Outsourcing security is here to
stay, like it or not. We are lucky enough to have two volunteers who
understand a great deal about the business of outsourcing and the security
implications.

Copyright 2010, SecurityFocus