Andy,
I would add in
* Database account administration as a separate line item
* Application and O/S Logging strategies
* Systems and Application Monitoring, including security
* Non-Functional test strategies for security changes
Also maybe a line about things to avoid falling into, like
phpMysqladmin, cpanel etc ...
Cheers
Steve
On 02/12/2012 15:57, TheTolik wrote:
I am working on creating a guide to IT Security to help companies
without or with a minimal IT budget protect themselves and their
customers, and am looking for the community's input into the topics that
should be discussed.
I also see a lot of value in including recommendations for applicable
tools/technologies that are easily accessible, easy to use, and yet
effective, with strong affinity towards open source, and therefore
would be very appreciative for input on per-topic basis.
So far in regards to the topics, I have (In no particular order)
- Security Awareness and High Level Training
- Account Management / Password Management / Local Admin Rights
- Email Etiquette, Email Threats, and Email Security
- Network and System Vulnerability Scanning/Patching
- Network Security (Firewalls)
- Backups and Backup Security
- Wireless and WiFi Security
- System Security, AV/HIPS
- Website Security and Web/Application Security Testing
- Sensitive Information and Applicable Laws, Regulations, and
Compliance Requirements
Any valuable input would be greatly appreciated.
Thanks,
Andy | oxbeef
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com