Subject: RE: Paper on why I need a security Assessment
From: Moore, James (James.MooreMSFC.NASA.GOV)
Date: Wed Feb 02 2000 - 11:14:58 CST


Sounds like you're talking about risk management - that's the "why" for
doing a security assessment. I'd recommend you take a look at some of the
material at NIST's website first. They have done some good work, and their
material is free of vendor/consultant bias - your tax dollars at work :).

If you're interested go to: http://csrc.nist.gov and search for the
following documents:

NIST Special Publication 800-18,
NIST Special Publication 800-12, (see Chap 7 for an overview, Chap 20 for a
case study)

Jim Moore
256.461.4381

----------- PGP PUBLIC KEY FINGERPRINT ------------
1D9C 3AC3 34E6 EEDF 22B9 7886 7797 6908 048F 049B
---------------------------------------------------

> -----Original Message-----
> From: Matt McClung [SMTP:mmcclungndwcorp.com]
> Sent: Tuesday, February 01, 2000 3:09 PM
> To: firewall-wizardsnfr.net
> Subject: Paper on why I need a security Assessment
>
> I am looking for a good paper on why a company should perform a security
> assessment. Not the What is an assessment type of paper, but a WHY - If I
> don't do anything then what?
>
> Example: If you don't check the configuration of your web server, you may
> leave a default server setting that allows for a system compromise using a
> well known scripting tool.
>
> Anyone have a link to something like this?
>
> Matt