The World Bank Technology Risk Checklist
From: Joe Klemmer
Date: Sat, 30 Oct 2004 10:56:35 -0400

NOTE: The following is quoted from Linux Weekly News (http://lwn.net)
subscription section.  This issue of LWN's "Weekly Edition" will become
publicly accessible on Thursday, November 4th.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This 31-page document asks a few hundred questions about your security
setup. They cover a wide range of topics, including risk management
("Who is responsible for keeping records of cyber intrusions, costs of
remediation, response time, and documenting procedures and processes?"),
policy management ("Does your information security organization report
to the IT organization, or is it a separate organization that maintains
its independence and freedom from conflicts of interest?"), cyber
intelligence ("When applying a patch to any system vulnerability, do you
have a process for verifying the integrity, and testing the proper
functioning of the patch?"), access controls ("Do you check for modems
attached to PCs, routers, or printers?"), vulnerability testing ("Do
your penetration tests encompass social engineering?"), wireless access
("Is someone responsible for tracking the number of employees with WLANs
at home?"), and more.

http://www.infragard.net/library/pdfs/technologyrisklist.pdf

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

PS: If you have any interest in Linux, open source, programming or
system/network security, I would highly recommend you subscribe to LWN.
The subscription runs $5.00/month.