Security Management Strategies for the CIOAccess "Ping"
This article is part of the May 2006 issue of Identity crisis solved: Tips from a top identity management expert
If you want to do business with Home Depot, you've got to get past information risk manager Tony Spurlin's team of engineers. Using comprehensive evaluation processes and his homegrown assessment framework, his team examines potential partners' cor- porate security posture. Partners that haven't nailed down their security don't connect to Home Depot. How rigorous is your certification process? We have to provide an on-site assessment for our partners if they want to connect to us or use our data in any way. A team of engineers travels on site, and [the partner] goes through an interview, which is standardized and based on an information security framework I developed. It's a top-down, drilled down look at their corporate security posture, policies, technology solutions, and management and monitoring of security policies. Then, there's a final gap analysis to determine if they are in compliance with Home Depot policies. Do you run into resistance from partners? If there are issues, we recommend remediation, and they must remediate before anything goes into ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Hot Pick: Q1 Labs QRadar 5.0
Q1 Labs QRadar 5.0
-
Network Access Control: Endforce's Enterprise 2.5
Endforce's Enterprise 2.5
-
Vulnerability Assessment
Insecure.org's Nmap 4.01
-
Spy Catchers
PRODUCT REVIEW We take a close look at seven antispyware products. Can they keep your corporate desktops free of prying eyes?
-
Is Microsoft Trustworthy Yet?
PLATFORM SECURITY The fourth anniversary of its Trustworthy Computing Initiative is marked with mixed reviews from users.
-
Sendmail Sentrion GP product review
Product review of open source Sendmail Sentrion GP, which can build on software to enhance email security with antivirus, antispam and policy interface.
-
Hot Pick: Q1 Labs QRadar 5.0
-
-
Reborn Identity
IDENTITY MANAGEMENT GM's Jarrod Jasper drives a common user profile across all systems.
-
Recent Releases: Security product briefs, February 2006
Read about the security products released in February 2006.
-
Swiping Back
INDUSTRY COMPLIANCE With the goal of reducing fraud, the credit card associations' PCI standard scores points for clarity.
-
TippingPoint/3Com's TippingPoint X505 product review
In this product review, get info on TippingPoint/3Com's TippingPoint X505 intrusion prevention security tool. Learn about product cost, installation, setup and configuration features.
-
Safety Net
BITS & BOLTS Microsoft's .NET development framework can help your Web apps perform securely.
-
Reborn Identity
-
Columns
-
Editor's Desk: Show me the money
Dollar Signs
-
Layer 8: In security, leadership comes first
Groundhog Day
-
Perspectives: Security issues are similar worldwide
Security managers are concerned about the same things worldwide: Managing risk more effectively, making management care about security, and what to do about end users.
-
Ping
Tony Spurlin
-
Editor's Desk: Show me the money
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...