Hi,

I just wanted to let you know that Michael Smith (Guerilla CSO -
http://www.guerilla-ciso.com ) has agreed to take over moderating this list.
Traffic has been slow of late but I am sure Michael will stimulate
discussion again. My life has taken a right hand turn and I will be
travelling a great

[ more ]  [ reply ]

This is almost a case study. This is a relatively small shop with about 10 people in the entire IT which includes three managers, three development IT, 1 security, two sysadmins and one assistant admin, 1 tester, 1 mgr who really isn't IT and only does one small administrative job concerning IT.

[ more ]  [ reply ]

I have done a course in proof reading.I have also done all my studies in english,including my professional qualifications both from the UK and the states.Presently I am semi retired because of illnes, suffered a few years back.Hence I wish to do proof reading from home, and would be most grateful to

[ more ]  [ reply ]

Mark, the tools that I mentioned can help automate a lot more than 25%.
I agree this would be an interesting paper or test.
My % was based on looking at the PCI doc and figuring out what parts these tools can automate. Can one of these tools do all the automation - doubtful.

If we take your log ex

[ more ]  [ reply ]

Mark,
Good question and I should add that there is no "silver bullet" for compliance.
PCI is a good example for what Mark is asking ...

Here are the 12 major parts to PCI (of course there are greater details under each one)

Build and Maintain a Secure Network
Requirement 1: Install and maintain a

[ more ]  [ reply ]

I can give you a few but I must couch it with the following. I am a Sales Engineer. I work for Altiris/Symantec and I worked for Ecora.

Security Expressions (from Altiris) - looks at your systems (OS agnostic) from a policy stand point. You can choose a PCI policy or a CIS polciy or a HIPAA poli

[ more ]  [ reply ]

I work for a large financial services company in the mid-west and
am new to compliance and risk management. I have been tasked with
identifying a range of products I should budget for next year to
solve the security compliance needs in my company. I think these
include PCI, HIPAA and GLBA as wel

[ more ]  [ reply ]

A few of us will be having a conference call on Saturday to discuss how to
get going with a Policies and Standards project at ISM Community. In fact
Ciske Van Oosten has already done a lot of work that can be reused which you
can see on his blog http://infosec-risk.blogspot.com/. The idea is to buil

[ more ]  [ reply ]

The ISM Community Top Ten has been finally released.

As well as the top ten itself it has some great "tips and tricks from the
field" written by some CSO's in Europe and the USA.

You can download the PDF document here

http://www.ism-community.org/files/folders/trainingandawarenessrelease/e
ntry
9

[ more ]  [ reply ]

Hello

We from SOMAP.org recently released version 1.0b1 of our open source risk
assessment tool which is known as "Security Officers Best Friend (SOBF)".

There are much changes since the last development preview: This beta
version features a completely redesigned Risk Assessment Workflow panel.
Th

[ more ]  [ reply ]

ISM Community Chapter Management Application Now in Beta

The application to run ISM Community Local Chapters is now running in beta
at http://www.securitylinkup.com

For those wanting to start a local ISM Community Chapter the process is
simple;

1. Sign up for a free account at www.securitylinku

[ more ]  [ reply ]

Just a quick update. The ISM Community Top Ten will be released next week.
It's a great document including practical tips and tricks from some top
CSO's from big companies! Real world experience, really great advice.

If you are a blogger or a journalist (same thing) please drop Tim Smith
(tim@smiff

[ more ]  [ reply ]

Ciske van Oosten has agreed to take over the Policies and Standards project
at the ISM Community. Ciske runs a great blog focused on policies and
standards at http://infosec-risk.blogspot.com/.

The idea behind the Policies and Standards project is to build and maintain
a comprehensive and well wri

[ more ]  [ reply ]

I have just uploaded the ISM Community Top Ten Draft here.

http://www.ism-community.org/files/folders/trainingandawarenessrelease/e
ntry
946.aspx

The intention of the T10 is to provide a short and concise awareness
document. In the same genre as the SANS Top 20 and OWASP Top Ten it can be
used by

[ more ]  [ reply ]

We have almost completed the ISM Community Top Ten and plan to release it in
the next few weeks.

Are there any translators who would be interested in translating it into
local languages?
Are there any proof readers who are interested in improving the grammar and
generally proof reading the final d

[ more ]  [ reply ]

The ISM Community is Open Again

First off an apology. When we started the ISM-Community in January, there
was lots of interest and initial activity. Lots of people wanted to start
projects and start chapters and we quickly realized it would have become
very unmanageable with the way we had the port

[ more ]  [ reply ]

Yes that's right, I want your old polices and standards for re-cycling. We
have revamped the ISM-Community and are about to kick it off later this week
with an easier and simpler structure and lots of new features like mailing
lists and a custom application to manage local chapters. Formal announcem

[ more ]  [ reply ]

The ISM-Community DC Chapter would like to cordially invite everyone to its
first ever meeting.

http://www.ism-community.org/Chapters/view.aspx/Washington_DC

Agenda
-Arrivals and Introductions
-Concept of ISM-Community
-Development of the ISM-Community FISMA Top 10
-Future project ideas
-Cookies a

[ more ]  [ reply ]

Hello list

We from the SOMAP.org project just released another development preview of
our Open Source Information Security Risk Assessment and Management
application called Security Officers Best Friend (SOBF) Tool. With this
version we introduced the implementation of the Risk Assessment Workflow

[ more ]  [ reply ]

General Update
The Wiki is now online. http://www.ism-community.org/ProjectsWiki/. If you
haven't used a Wiki before don't worry. Anyone with an account on the portal
can collaborate on any projects. Simply register, go to the project pages
and you can edit, add and read online with no additional st

[ more ]  [ reply ]

Two interesting projects are gathering steam at the ISM-Community.

Information Security Outsourcing Guide - Outsourcing security is here to
stay, like it or not. We are lucky enough to have two volunteers who
understand a great deal about the business of outsourcing and the security
implications.

[ more ]  [ reply ]