Hi,

**An Asset by definition is something which has value to the business. If it's not well protected, there's likelihood of business loss**

Asset can be classified in terms of Physical, Software, Paper, Service, Information and People.

A physical asset could have a linkage with software, se

[ more ]  [ reply ]

You are right - Michal ..subcomponents are the assets ..

but coming to the threats .. if windows OS is an asset ..will the threats
on it be same --like password cracking, buffer overflow,virus attack
etc. - irrespective of which organisation it belongs to !

On 6/27/06, Michal Merta <michal.merta@

[ more ]  [ reply ]

most people seem to support - all assets need to be broken down into
subcomponents.- OS , configuration, database etc separately

Is there any website link which has list of threats or vulnerabilties
which are applicable to these IT asset components...I am assuming that
this list will be pretty much

[ more ]  [ reply ]

http://www.sans.org/rr/whitepapers/authentication/rss/1636.php

May be you've seen this few weeks back in sans reading room (I grabbed
it from a RSS).

Just to summarize, what this paper suggest is that to scrambling
dictionary words to make strong password. Generated passwords will
initially be st

[ more ]  [ reply ]

What is an asset in ISO 27001.

I have already done my basic checks. In a datacenter I have
application servers, database servers , web servers.

Do we consider each server in total as an asset or should we consider
data within a database as a seperate asset and OS of the database as a
seperate asse

[ more ]  [ reply ]

Thanks frnds u have delivered a great information but i am facing one prob that in my company we have few computers which has USB 1 drive (P-III) and few have windows 98 OS. so can u guide me how to resolve /restrict USB in both cases.

awaiting your reply

PRASHANT

[ more ]  [ reply ]

Quizzes at the end of training are good but whether users can parrot back what
you just taught them really isn't a good measure of retention.

My suggestion is that some sort of metrics is developed and base-lined prior to
training. It really depends on what the key issues are but some examples c

[ more ]  [ reply ]

Good afternoon Arno,

Do you have something to start from ? I am a security model specialist and I might be able to help you match out for what you are looking for accross MOF, ITIL, BS7799, ISM3, CoBIT, SSE-CMM, CC, CMMI, PCMM, SPICE, PMBoK, Rational, OPF...

Describe me your intent a bit better

[ more ]  [ reply ]

The first thing I would do is sit down with management and have them define
"meaningful." Basically your asking them to tell you what standard they are
holding you to.

I agree, comprehension is important but only if it translates to a measurable
change in behavior. A measurement could be a redu

[ more ]  [ reply ]

Hello Shakti,

This is indeed a little difficult task but not too challenging if addressed correctly.

A NIST special publication has something close to what you need.

http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf

Section 6.1 focuses on 'Monitoring Compliance'. Here the

[ more ]  [ reply ]

Best way is to have an online web based quiz or examination, enforce all
the users to take the quiz and make sure all of them are passed. If it
is web enabled then the accountability will not be an issue.

-----Original Message-----
From: shakti velu [mailto:shaktivelu88 (at) gmail (dot) com [email concealed]]

Sent: Tuesday,

[ more ]  [ reply ]