I realize this is a huge question and most of the times unanswerable. Building a policy structure for a company, then implementing it from the ground up, is a huge undertaking and has me a bit overwhelmed. Bit by bit I guess.
On Tue, Mar 1, 2011 at 7:53 AM, Chesmore, Michael [DAS] < [email protected]> wrote: > Wow, huge question…. > > > > Not sure that this will be all that helpful but there is a pretty good book > on Security Metrics called “Security Metrics, Replacing Fear, Uncertainty > and Doubt” by Andrew Jaquith > > > > I like the ideas in it but liking ideas and implementing them are worlds > apart sometimes. > > > > Mike > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Michael Lubinski > *Sent:* Monday, February 28, 2011 2:10 PM > *To:* [email protected] > *Subject:* [Pauldotcom] Security Starts With Policies > > > > As it stands many think that security starts with solid policies and > procedures. Every good policy and procedure will have a scope. I am in the > midst of taking an organization and applying some best practices with some > audit requirements. How do you scope a project that is based on best > practices and encompasses everything from servers, routers, switches, > firewalls, and unused network drops? > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
