Re: Best Practices

[Shailesh Rangari <shailesh.sf () gmail com>]

John,

ISO 27001 would not go into commenting on Risk Mitigation Practices.  
It mentions the Controls to Mitigate Risks and not
It will cover these issue in the domains of Access Control, Asset  
Management, Communications & Operations Management, etc.

You can probably look into COSO's ERM or ISACA's COBIT Frameworks.

Regards,
Shailesh

On Feb 16, 2009, at 7:02 AM, John wrote:

> Hi All,
>
> I was just wondering whether we have any web resources which will  
> cater to
> best information security practices follwed for the following  
> departments:
>
> 1. IT
> 2. HR
> 3. Admin / Facilities
>
> I know there are standards like ISO 27001 but it does not exactly go  
> in the
> details. For e.g. If company has access control cards issued to the
> employees....what are the pros and cons of this control from Risk
> perspective and any other alternatives to this control etc.
>
> Please comment.
>
> Thanks.