
Establishing an Organizational Security Framework

Those who work in security and systems administration could spend every hour of every day down in the trenches dealing with the latest threat, reconfiguring devices, patching applications, and telling others to stop downloading non-work-related material from P2P networks. At some point, though, many of us will be asked to step back, look at the big picture, and answer questions like: How do we better manage our security operations? How do we decide where to invest in countermeasures? Who should be responsible for different aspects of security and compliance? And so on.

There is no easy answer, and every organization needs to work through these questions for itself, but Article 16, Elements of Organizational Security, in The Essentials Series: Messaging and Web Security Volume II has tips to help get the process started. The article includes tips on:

1. Focusing on risk, not just compliance and certifications
2. Sharing responsibility for security
3. Using composite metrics to measure effectiveness
4. Using realistic and enforceable metrics
5. Introducing security initiatives along with other organization- or department-level initiatives

You might also be interested in Article 7, Measuring Security: Application Metrics, which is also available in The Essentials Series: Messaging and Web Security Volume II.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net