RE: Review of the Radio Plus debate themed "Cybercriminalité: sommes-nous bien armés ?"

From: Hansley Chadee <hjc_at_innodisgroup.com>
Date: Wed, 3 Feb 2016 16:34:11 +0000

Hello
Apart from ISO, there are quite a few such as BS series, IETF, COBIT and others…

But these are mostly academic frameworks upon which all can be based…

Anyhow, before trusting anyone with a network or a security check, better check the credentials…

There are also certification authorities such as CISSP, CISA, CEH which provide a defense against snake-oil vendors (no offense meant!)..

I have seen many over the years, selling products which are deemed a panacea for all ills.

Or younglings trusting open-source frameworks and code to get all done. Unluckily, life and an organization are much more complex than a simple OS versus OS..

Security starts with the talkative receptionist, the open port on the network, available data panel, administrative access to staff, BYOD on the network, defects in applications, password-security policies, database (information haven) security, security labelling of information….well..complex and never ending…

Enjoy..


Regards

Hansley Chadee J

From: mauritius-internet-users-bounce_at_lists.elandnews.com [mailto:mauritius-internet-users-bounce_at_lists.elandnews.com] On Behalf Of Loganaden Velvindron
Sent: 03 February 2016 18:47
To: mauritius-internet-users_at_lists.elandnews.com
Subject: Re: Review of the Radio Plus debate themed "Cybercriminalité: sommes-nous bien armés ?"


On 2/1/16 12:22 AM, Jules Mike Giovanni wrote:
Hi SM,


The interaction is on an active basis. If, in my experience, something could be a problem I'll point it out to the customer. The customer might ask for more information if that is needed. I provide a report to the customer so that the management can verify the information I provided. I don't usually have to get into the details of the practices or legislation unless I am asked or if that has to be included in the report.

Thank you for your response! Does it ever happen that you have to provide the same report with a different technical level or attention to detail (e.g. one for the management's needs and understanding and another for any technical department)?


I do not use the ISO standards for security as those standards are not freely available.

Do you mean ISO standards like ISO 27001 and ISO 27002? Sorry if it might be silly, but what are some alternatives to the ISO standards for security in that regard, and are they as effective as their counterparts?

Hi Mike,

Going through your blog:

"(Be aware that I work with low-level -at the core- networking and the methods I've shown are some of the ones used by non-IT experts"




How come you are doing low-level core networking, yet are unaware that Internet Engineering Task Force RFCs document best security practices?



Received on Wed Feb 03 2016 - 16:34:34 PST
