RE: Best practices for a small business's security

From: Jason Balicki (kodak_at_frontierhomemortgage.com)
Date: 12/29/03

  • Next message: Lard van den Berg: "Re: Firewall Hardware Recommendations"
    To: "'bob martin'" <bobmartin_613@hotmail.com>, <security-basics@securityfocus.com>
    Date: Mon, 29 Dec 2003 16:07:37 -0600
    
    

    >I am looking for best practices or an outline to follow for
    >helping a small
    >company to secure their business. I've found many resources on the
    >technical aspects, but am hoping for suggestions for websites or books
    >covering the business aspects as well. Any help would be much
    >appreciated.

    I have no idea how useful it is yet, but I'm currently evaluating
    the CERT OCTAVE-S program. It appears to be what you're looking
    for. The guides are free and downloadable. The full OCTAVE program
    is for huge companies, but the OCTAVE-S program is for small (less than
    a hundred or so employees) businesses. It's still overkill for a
    mom & pop shop, but it's something.

    It's designed to put the IT people and the business people in a room
    and work out a site-specific security policy, to evaluate current
    weaknesses and to lay out a security implimentation plan.

    OCTAVE-S is currently at version 0.9, and version 1.0 is expected
    soon.

    Check it out:
    http://www.cert.org/octave/

    HTH,

    --J(K)

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Lard van den Berg: "Re: Firewall Hardware Recommendations"