Tuesday, April 21, 2009

ISECOM Co-Founder Pete Herzog Releases Draft of "Real Audit Guidelines" (RAG)

| Brett D. Arion |
Pete Herzog, co-founder of ISECOM has released a draft paper of audit guidelines to bolster security for entities. If you have never heard of ISECOM or Pete himself, then you should familiarize yourself with their work for it is truly community and consensus driven, and provides a wealth of information for security auditors and testers. In his paper, Pete outlines 12 controls that if applied, will result in a "Truly Secure and High Functioning Network Infrastructure". The draft contains 5 of the 12 controls with more to be released later. The 12 controls to be discussed in this paper are:

1. Identification (Who the hell are you?!)
2. Non-repudiation (I know you did it!)
3. Authorization (I didn't say you could do it!)
4. Subjugation (Do what I say not what I do!)
5. Privacy (None of your damn business what I do!)
6. Confidentiality (None of your damn business what I say!)
7. Alarm (Now you've done it!)
8. Resilience (Happy now? You've ruined it for everyone!)
9. Continuity (Never mind, I got a spare.)
10. Integrity (It wasn't like this when I left!)
11. Indemnification (I told you so!)
12. Authentication (Stop ringing the damn bell and let yourself in!)


The paper can be found here.

Free Security Magazines