Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > public security policy

Reply
Thread Tools

public security policy

 
 
Shane Petroff
Guest
Posts: n/a
 
      05-21-2004

It seems to me that the more computer security issues come to the
forefront (both literally in terms of the number of breaches as well as
the amount of media coverage), that a software company's security
'posture' could become a marketing advantage. By posture, I mean the
company's outward stance and expressions of how it handles security
related issues. (Hopefully backed up by its actions...) I'm thinking of
Application Service Provider types of companies mainly, but the same
could apply to anyone who even temporarily holds onto someone elses data.

If I can convince a potential customer that my system is more secure
than average, or better than a competitor, then other things being
equal, more people should choose my system. To that end, I would want to
make as much as possible, of my security policy public. The problem of
course is that I also need to avoid exposing vulnerabilities, even
indirectly.

I've tried looking around for other examples of public policies, but I'm
not getting anywhere fast. It seems that everyone keeps as tight a lock
on this information as possible and balks at the suggestion of making
any of it public. I'm not a security expert, but I do know enough to be
sure that there is no harm in making some information that is contained
in a security policy public. Does anyone know of any guidelines for
which aspects can and can't be made public? Also, does anyone have any
recommendations about how to best structure a security policy (public or
private)?

Thanks in advance

--
Shane
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSE 4 11-15-2006 02:40 AM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola Microsoft Certification 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSD 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd realexxams@yahoo.com Microsoft Certification 0 05-10-2006 02:35 PM
microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework,microsoft.public.dotnet.framework.windowsforms,microsoft.public.dotnet.general,microsoft.public.dotnet.languages.vb Charles A. Lackman ASP .Net 1 12-08-2004 07:08 PM



Advertisments