Re: [fw-wiz] tunnel vs open a hole
From: Magosányi Árpád (firstname.lastname@example.org)
To: George Capehart <email@example.com>
Date: Fri, 11 Apr 2003 06:11:32 +0000
My mailer believes that George Capehart wrote the following:
> professionals. There *does* exist a well-defined IT governance model:
> see http://www.isaca.org/cobit.htm. There is also a model for
> accountability that I personally like (but at which everyone would like
> to duck and run for cover) . . . see
> http://csrc.nist.gov/sec-cert/SP-800-37-v1.0.pdf (the certification and
My favourite mania recently!
Add BS7799-2:2002 (not to be confused with ISO17799, which is crap), and you have the whole
IT security covered. Just realize that which methodology is the best for
which area (CC: technical controls and requirements, Cobit: processes,
roles, and responsibilities, BS7799-2: process control model) and
understand that IT security is a continually enhancing and changing process
which should be handled in an integrated way with other process control
models: ISO900x, IT strategy, etc.
All of these methodologies (maybe with the exception of CC) try to cover
all areas of security, but they all have _one_ area where they are
useable. And of course a methodology is just a methodology. To make
it useful, you have to use your brain and common sense.
--
GNU GPL: only from a clean source
_______________________________________________
firewall-wizards mailing list
email@example.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards