RE: Certification for Win2k Web Servers
From: Roberta Bragg (freouwebbe@msn.com)
Date: 11/04/02
From: "Roberta Bragg" <freouwebbe@msn.com>
To: "'disciple'" <marcus@nwnc.net>, <focus-ms@securityfocus.com>
Date: Mon, 4 Nov 2002 12:02:39 -0600
Some good thoughts here, but a small correction.
The SANS gold standard training is in understanding and applying the recent
composite security standard for Microsoft Windows 2000 Professional (not
server) (the composite is an NSA, NIST, SANS, Microsoft, etc., etc.
consensus), and there is a certificate available (not certification).
Roberta Bragg
Have Computer Will Travel, Inc.
> -----Original Message-----
> From: disciple [mailto:marcus@nwnc.net]
> Sent: Friday, November 01, 2002 4:50 PM
> To: Matt Hodge; focus-ms@securityfocus.com
> Subject: RE: Certification for Win2k Web Servers
>
>
> SANS Institute has a Windows 2000 "Gold Standard", which is basically a
> collection of the industry best practices for Windows 2000 server security.
> However, they don't offer any auditing to certify that you've met the
> standard.
>
> When it comes to actual auditing, there are a number of large,
> well-respected organizations which offer penetration testing and security
> auditing (PWC, Lucent, Foundstone - don't know how large Foundstone is).
> The issue really is whether you can convince all of your customers to accept
> the audit results from the single third party auditor. The NSA also offers
> certifications in their Infosec Assessment Methodology. If you can find a
> reputable vendor which has NSA-certified analysts, that may be enough for
> your customers.
>
> Just my 2c.
>
>
>
> -----Original Message-----
> From: Matt Hodge [mailto:security@hodgefamily.org]
> Sent: Friday, November 01, 2002 2:44 PM
> To: focus-ms@securityfocus.com
> Subject: Certification for Win2k Web Servers
>
>
>
>
> I work at a company that offers web services to industries that are fairly
> paranoid about security. With each customer we encounter they seem to
> wince at hosting their data through our servers instead of hosting it
> themselves. So we are repeatedly going through security audits of various
> types. My question is this: are there any standards or companies that can
> do an audit on a regular basis, who have enough standing in the community
> that other companies will take their audit instead of doing their own? We
> have already hired independent companies to do audits and we always turn
> out fine, but from a sales point of view it is becoming a major hurdle to
> have to jump over each time. Thanks
>
>