Shakti Velu,

End user awareness is the key ... Keep them informed the latest phishing
threats...

Thanks
Siddiqu.T

-----Original Message-----
From: shakti velu [mailto:shaktivelu88 (at) gmail (dot) com [email concealed]]

Sent: Thursday, July 27, 2006 10:23 AM
To: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: phishing threat

We have im

[ more ]  [ reply ]

We have implemented two-factor authentication a year back.

Recently came to know that it has been defeated by latest phishing attacks?

What are the other measures to mitigate the phishing threat?

[ more ]  [ reply ]

Hi guys,

This is my 1st post at security focus. Well, I would like to have your valuable sugessions on ISO 27001 (LA). I have got 3 years working experiance (2yrs in Network Security) with MCSA,CCNA,CCNP,CCSA and CEH certifications.

I would like to go for ISO 27001 program (Lead Auditor). Is i

[ more ]  [ reply ]

Hi

The requirement to measure the performance of IT security processes is a mandatory requirement by ISO 27001:2005.

Measuring Security provides an approach to help management decide where to invest in additional

security protection resources or identify and evaluate nonproductive controls. It

[ more ]  [ reply ]

HI

Logs are to be maintained and reviewed on a regular basis.

As per ISO 27001 there is a control objective controls

Audit logging

Monitoring system use

Protection of log information

Administrator and operator logs

So this means log has to be generated , it has to be reviewed , protec

[ more ]  [ reply ]

HI

Physical security plays a pivotal role in implementation of ISO 27001.

All physical controls applicable needs to be checked i can list some

Access list

Visitor Entry logs

Server Room Security

Server Room logs

Environmental Ctrls

Cabling

UPS testing logs

Movement of equipments

Evacuat

[ more ]  [ reply ]

Hi,

Section A10.10 covers in detail on monitoring and logging.

Siddiqu.T.

-----Original Message-----
From: Samir Pawaskar [mailto:samirp (at) eim (dot) ae [email concealed]]

Sent: Wednesday, July 19, 2006 8:56 AM
To: iso 27000; bs7799 (at) securityfocus (dot) com [email concealed]
Subject: Re: Log Analysis

The only control that I can think of is rel

[ more ]  [ reply ]

----- Original Message -----
From: "Samir Pawaskar" <samirp (at) eim (dot) ae [email concealed]>
To: "shakti velu" <shaktivelu88 (at) gmail (dot) com [email concealed]>
Sent: Wednesday, July 19, 2006 7:18 AM
Subject: Re: physical security

> COntrols have to be there.. What depends entirely on the value of
> information that you are securing and the le

[ more ]  [ reply ]

Hi,

I am new to ISO 27001

We are setting up a facility for log collection and analysis for all
servers in datacenter. Right now we are looking at Unix syslog as
central server and everyone pushing OS logs here.

In future we are planning to go for ISO 27001 for our datacenter.

Could someone throw

[ more ]  [ reply ]

simply put it is the first line of defense in protecting your assets
from malicious people/activity

\tmc

-----Original Message-----
From: Vikrant [mailto:vikrant (at) albahja (dot) com [email concealed]]
Sent: Tuesday, July 18, 2006 9:40 AM
To: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: Perimeter security

Hi all,

How would you def

[ more ]  [ reply ]

A good source of info would be:

May 4, 2006: Draft Special Publication 800-80, Guide for Developing
Performance Metrics for Information Security

NIST's Computer Security Division has completed the initial public draft
of Special Publication 800-80, Guide for Developing Performance Metrics
for I

[ more ]  [ reply ]

Hello,

I am trying to develop metrics for the ISO 27001. There doesnot seem
to be much of consensus on how to go about it ?

What are we supposed to measure here - is it the effectiveness of the
controls or how many controls are being followed ?

[ more ]  [ reply ]

Hi,

How much of physical security concerns need to be addressed in ISO 27001

Do we need to get into details like bio-metric access control and

CCTV for datacenter?

[ more ]  [ reply ]