Wow, huge question.... Not sure that this will be all that helpful but there is a pretty good book on Security Metrics called "Security Metrics, Replacing Fear, Uncertainty and Doubt" by Andrew Jaquith
I like the ideas in it but liking ideas and implementing them are worlds apart sometimes. Mike From: [email protected] [mailto:[email protected]] On Behalf Of Michael Lubinski Sent: Monday, February 28, 2011 2:10 PM To: [email protected] Subject: [Pauldotcom] Security Starts With Policies As it stands many think that security starts with solid policies and procedures. Every good policy and procedure will have a scope. I am in the midst of taking an organization and applying some best practices with some audit requirements. How do you scope a project that is based on best practices and encompasses everything from servers, routers, switches, firewalls, and unused network drops?
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
