Re: [fw-wiz] tunnel vs open a hole

From: Magosányi Árpád (mag@bunuel.tii.matav.hu)
Date: 04/11/03

  • Next message: Gary Flynn: "Re: [fw-wiz] tunnel vs open a hole"
    To: George Capehart <capegeo@opengroup.org>
    From: mag@bunuel.tii.matav.hu (Magosányi Árpád)
    Date: Fri, 11 Apr 2003 06:11:32 +0000
    

    A levelezőm azt hiszi, hogy George Capehart a következőeket írta:
    > professionals. There *does* exist a well-defined IT governance model:
    > see http://www.isaca.org/cobit.htm. There is also a model for
    > accountability that I personally like (but at which everyone would like
    > to duck and run for cover) . . . see
    > http://csrc.nist.gov/sec-cert/SP-800-37-v1.0.pdf (the certification and

    My favourite mania recently!

    Add BS7799-2:2002 (not to be confused with ISO17799, which is a crap), and you have the whole
    IT security covered. Just realize that which methodology is the best for
    which area (CC: technical controls and requirements, Cobit: processes,
    roles, and responsibilities, BS7799-2: process control modell) and
    understand that IT security is a continually enhancing and changing process
    which should be handled in an integrated way with other process control
    modells: ISO900x, IT strategy, etc.
    All of these methodologies (maybe with the exception of CC) try to cover
    all areas of security, but they all have _one_ area where they are
    useable. And of course a methodology is just a methodology. To make
    it useful, you have to use your brain and common sense.

    -- 
    GNU GPL: csak tiszta forrásból
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Gary Flynn: "Re: [fw-wiz] tunnel vs open a hole"