SecCatalog

 

The catalog of practices is deliberately divided into two types of practices – strategic and operational. Strategic practices focus on organizational issues at the policy level and contain good, general management practices. Strategic practices include business-related issues as well as issues that require organization-wide plans and participation.

Operational practices focus on technology-related and physical issues. They include issues related to how people use, interact with, and protect assets. Since strategic practices are based on good management practice, they should be fairly stable over time. Operational practices are more subject to change as both physical and virtual technology advances and new practices arise to deal with those changes.

Building a Security Services Catalog of Practices ensures proper program definition and clarity in what you do. Let the business know what you do, how you do it, who does it, and in what timeframe it can be done. Align this with your operations and service level agreements. Not sure how to do it?

Contact Treadstone 71 to learn how we can help you develop policies, procedures, standards and guidelines.  Call today 1-888-687-8450 or email us at info@treadstone71.com

 

 Copyright 2003 Treadstone 71 info@treadstone71.com  1-888-687-8450 Office - 508.519.0363 Fax

 
