Sep 21 2009

Due Diligence, and Security Assessments

Category: Information Security, Security Risk Assessment
DISC @ 9:21 pm


Fighting Computer Crime: A New Framework for Protecting Information

Risk assessment demands due diligence, which makes business sense and derives from the organization's mission. Due care is also about applying the specific control that counts. In information security, due diligence means making a complete and comprehensive effort to avoid a security breach that could cause detrimental effects, and to identify the various threats that may be exploited for a possible security breach.

Donn Parker defines due care as a “use of reasonable safeguards based on the practices of similar organizations.”

Fred Cohen defines “due diligence is met by virtue of compliance review.”

Organizations must: (i) periodically assess the security controls in organizational information systems to determine if the controls are effective in their application; (ii) develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems; (iii) authorize the operation of organizational information systems and any associated information system connections; and (iv) monitor information system security controls on an ongoing basis to ensure the continued effectiveness of the controls.
(FIPS 200, Section 3, Minimum Security Requirements)



Tags: donn parker, due care, due diligence, Fred Cohen, security controls
