Thread: Industry Best Practices: Information/Links?

  1. #1
    Senior Member
    Join Date
    Jan 2005

    Industry Best Practices: Information/Links?

    Hello all-

    In my short time as an IT Auditor, one of the main things auditees ask for (besides wondering if I am human) is industry best practices that would assist them in complying with our corporate policies and standards while at the same time allowing them to avoid having to recreate the wheel (oh yes a cliche). Anyway - I was going to suggest some information, and googled some more information, but I thought to also ask here and post what I have found so far. Would anyone have any thoughts on this? I was also going to suggest this community, however many of the auditees may not be as immersed in the technology as many of us are. Then again, and most likely, I am incorrect - so please let me know if there have been best practices already published here. The other reason in posting these is part "trust but verify" in that - just because the below are touted as "best practices" I wanted to run it by this community for verification.

    I am looking for best practices for security (workstation, server, network, etc.) along with DRP/BCP. Also as an FYI - I also found sites that cost quite a bit to offer best practices - one item for security cost @$350 for one whitepaper. I will post the free ones I find and ask for others as well. I will also post the sites that are pay-for and mark them as such. Here is what I have so far:

    Disaster Recovery Planning (DRP)/Business Continuity Planning (BCP)
    Link verified:03MAR2005:Cisco -DRP-Whitepaper: http://www.cisco.com/warp/public/63/disrec.html#topic1
    Link verified:03MAR2005:South Carolina Govt DRP Best Practices: http://www.cio.sc.gov/SCEA/DisasterR...tPractices.pdf

    Security: General
    Link verified:03MAR2005:MOREnet Security Best Practices: http://www.more.net/security/best/index.html
    Link verified:03MAR2005:System Experts Tutorials: http://www.systemexperts.com/tutorial.html

    Security: Databases
    Link verified:03MAR2005:SQL Server Security: http://vyaskn.tripod.com/sql_server_..._practices.htm
    Link verified:03MAR2005:Microsoft SQL Server Security: http://www.microsoft.com/technet/pro...ec04.mspx#EDAA

    Security: OS/OE
    Link verified:03MAR2005:Red Hat/Fedora: http://lwn.net/Articles/123073/
    Link verified:03MAR2005:CERT Security Improvement Modules: http://www.cert.org/security-improvement/

    Security: Networks
    Link verified: 03MAR2005:Cisco Networks: http://www.cisco.com/warp/public/126/secpol.html

    There is a lot more that I found that I will update if deemed worthy here and look forward to seeing other information/links I have not found yet.

    "An ant may well destroy a whole dam." - Chinese Proverb
    "Not only can water float a craft, it can sink it also." - Chinese Proverb


  2. #2
    Senior Member
    Join Date
    Mar 2004
    NIST is starting to do some good work.

  3. #3
    AO Senior Cow-beller
    Join Date
    Dec 2004
    Mountain standard tribe.
    I'm surprised there is no mention of SANS. They have a wealth of information, and participate in many 'think tanks' and the creation of many standards.


    Also, the GIAC white papers could be a HUGE wealth of this sort of information, if one wanted to search through the topics and such...I don't recall how easy it is to find data in that forum, but I know the content should be top notch.


    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  4. #4