On Tue, Mar 1, 2011 at 7:10 AM, Michael Lubinski <[email protected] > wrote:
Hey Michael, As it stands many think that security starts with solid policies and > procedures. Every good policy and procedure will have a scope. I am in the > midst of taking an organization and applying some best practices with some > audit requirements. How do you scope a project that is based on best > practices and encompasses everything from servers, routers, switches, > firewalls, and unused network drops? > Definitely. You can look at implementing ISO-27001 which is exactly this (implementing an Information Security Management System or ISMS). Wikipedia has an overview: http://en.wikipedia.org/wiki/ISO/IEC_27001 No point re-inventing the wheel :) Cheers, Chris.
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
