Re: What's in a security policy? (was Re: How do we do our job?)

From: darrenrat_private
Date: Thu Apr 30 1998 - 06:47:57 PDT

Next message: Bennett Todd: "Re: How do we do our job?"

Previous message: darrenrat_private: "Re: Lloyds to offer hacker insurance"
Next in thread: Bennett Todd: "Re: What's in a security policy? (was Re: How do we do our job?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In some email I received from Bennett Todd, sie wrote:
> 
> But none of this comes near addressing the point you raised: how would
> you go about ``verifying that a security policy is any good''?

Well, the first step might be to check that it actually exists.

The next might be to evaluate it against what the business requires from
whatever it controls and what the security risks are.

Darren

Next message: Bennett Todd: "Re: How do we do our job?"
Previous message: darrenrat_private: "Re: Lloyds to offer hacker insurance"
Next in thread: Bennett Todd: "Re: What's in a security policy? (was Re: How do we do our job?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:56 PDT