All Policies and Procedures should be treated as a
work in progress.  Just because you have one does not
mean that you are done.  These P&P's need to be
continually reviewed, tested and updated.  Security
does not stop once a program is in place.
I work for the US Navy and have learned throughout the
20 years that even when you think that you have
addressed the problem, new and better ways are always
available.

Schwendinger ETC(SS) 
--- William Holmberg <[EMAIL PROTECTED]>
wrote:
> In my experience, that can be a big "if".
> That being said, you are of course correct that just
> as each business model doesn't translate straight
> across (Try running a Ski company like a Bra
> company, for instance), neither does your security
> model, including many Practices, procedures, and
> processes.
> Now, THAT being said, I will tell you there are also
> MANY similarities, and there is no shame in
> "Standing on the shoulders of giants". In other
> words "steal from the best". Use resources like
> TechRepublic, Gartner, SecFocus, Talisker, et al. to
> cobble together a good sound set of P&P that works
> for YOUR org., and then customize what you need to,
> compromise where you must, and get SOMETHING
> together, even if not perfect.
> It's more important to have a door you lock TODAY
> than a complete automated system that isn't
> operational for 2 years.
> -My .02,
> Bill
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 21, 2002 7:35 AM
> To: William Holmberg;
> [EMAIL PROTECTED]
> Subject: RE: Security Manual - Due Diligence
> 
> 
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> http://nsa1.www.conxion.com/  and  
> http://csrc.nist.gov/publications/
> 
> Security Operations, be it for any size organization, is not a
> 'cookie cutter' project. If your company is serious about their Due
> Diligence, they should be willing to invest the time and money to
> properly document their security operations.
> 
> 
> Sandra Kay Miller
> Content Security Lab Analyst
> 
> ICSA Labs
> 1000 Bent Creek Blvd., Suite 200
> Mechanicsburg, Pennsylvania 17050
> 717-790-8131 phone
> 717-790-8171 fax
> [EMAIL PROTECTED] 
> www.icsalabs.com 
> AIM: SandraKMi11er
> 
> PGP: 0B6E 0F26 7FD9 7FE4 8AAE  03C3 3CA6 3B91 7DB1
> 4F9D
> 
> - -----Original Message-----
> From: William Holmberg
> [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 19, 2002 2:03 PM
> To: Stanford;
> [EMAIL PROTECTED]
> Subject: RE: Security Manual - Due Diligence
> 
> 
> http://www.techrepublic.com
> 
> A great resource!
> 
> - -----Original Message-----
> From: Stanford [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 19, 2002 12:36 PM
> To: [EMAIL PROTECTED]
> Subject: Security Manual - Due Diligence
> 
> 
> Hello All -
>  
> I really need to create an "Operations Manual" type
> security document or book/manual. Can anyone point me
> in the right direction on the web to download
> templates or even purchase outlines? This will be the
> Security Model in our company's Due Diligence request.
> I only have a short time to create this
> manual....hence the request for templates or something
> of the like.
>  
> All ideas are greatly appreciated!
>  
> Thanks,
>  
> Paul
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0.1
> 
>
iQA/AwUBPHT5UjymO5F9sU+dEQJWngCaAiF29NvzW4iSLZXFFg056diDRhYAnA6H
> D/EWx7B/wiewELXx5VNUf0cz
> =excY
> -----END PGP SIGNATURE-----

