Matt A good resource to turn to the CERT/CC at http://www.cert.org You will find the necessary documentation in the reports section. Here are a few article titles you can search for: Avoiding the Trial-by-Fire Approach to Security Incidents Moira West-Brown What Messages Are You Sending to Vendors? Moira West-Brown, Shawn V. Hernan Julia Allen from CERT leads a team that produces solid documentation and presentation materials on the security assessments and common pitfalls. You can find some of those reports in the Security Improvement Modules I hope this helps jtw Matt McClung <mmcclungat_private> on 02/01/2000 04:09:09 PM Please respond to Matt McClung <mmcclungat_private> To: firewall-wizardsat_private cc: Subject: Paper on why I need a security Assessment I am looking for a good paper on why a company should perform a security assessment. Not the What is an assessment type of paper, but a WHY - If I don't do anything then what? Example: If you don't check the configuration of your web server, you may leave a default server setting that allows for a system compromise using a well known scripting tool. Anyone have a link to something like this? Matt ---------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:57 PDT