Main Page: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search
 
(102 intermediate revisions by the same user not shown)
Line 1: Line 1:
=='''Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki.'''==
==Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki.==
 
The HORSE Project - Lazarus Alliance Foundation, Inc. is a nonprofit 501(c)(3) charitable organization dedicated to encouraging the growth, development and distribution of free, multilingual, cyber security focused educational content, and to providing the full content of this wiki-based project to the public free of charge.<br>
We would like to invite the information security community to participate in this open community project.  The intention is ultimately to raise the proficiency level of information security auditors, security practitioners, financial auditors, and anyone who verifies that controls exist over business systems.<br>
<br>
<br>
<font color=blue>Our intention is that the HORSE project evolves into the most comprehensive, most beneficial, most assessable, and freely available information security guidance framework on the planet.</font><br>
We would like to invite the information security community to participate in this open community project.  The intention is ultimately to raise the proficiency level of information security auditors, security practitioners, lawyers and legal practitioners, financial auditors, and anyone who verifies that controls exist over business systems. Our intention is that the HORSE project evolves into the most comprehensive, most beneficial, most accessible, and freely available information security guidance framework on the planet.<br>
<br>
<br>
'''The HORSE project is open to the entire community. We only ask that contributed work be relevant and that the contributed work maintain the present format of this project.'''<br>
<font color=dark red>With well over '''2 million visits''' and still going strong, the HORSE project has been a great and '''FREE''' resource since 2006!</font>
<br>
<br>
With existing and constantly emerging information security control requirements burdening the enterprise, how do we get our arms around this challenge while maintaining our sanity? The goal is to provide a clear compliance path for industry and legislative requirements. This body of work in the end should reach as large an audience as possible facilitating broader acceptance within the corporation. The old adage of “Work smarter, not harder” applies like it never has before. With the disparate demands of Sarbanes-Oxley, HIPPA, PCI, GLBA, and many others, it is easy to understand why there is so much frustration and expense involved in compliance. There is no clear end to the challenges as information security practitioners we are faced with. There is however a relatively clear solution. Distill the unique control requirements out and consolidate the common ones into a unified framework. Information security concepts should not be proprietary. A unified community effort to improve the condition of information security benefits everyone. This includes every public or private organization no matter what the size, shape, or form they come in. By protecting information, you protect identities, profits, reputations, and the list goes on and on.<br>
[[File:ITAM-Mechanized-HORSEPROJECT.png|300px|thumb|left|Visit AuditMachine.com or LazarusAlliance.com]]
<br>
 
<blockquote style="background: #FF6833; padding: 1em; margin-left: 0.5em;">
==Synopses==
Once registered, the best place to start is through the [http://www.lazarusalliance.com/horsewiki/index.php/HORSE_-_Holistic_Operational_Readiness_Security_Evaluation.:Community_Portal  '''Community portal'''] link. Please take just a moment to include some information about yourself on your accounts personal page.''' Be sure to add and validate an email address under your "My Preferences" tab at the top.''' Enable the option to receive email from other HORSE Project Wiki members. It will remain private and it is the only way project members will be able to contact you.
With existing and constantly emerging information security control requirements burdening the enterprise, how do we get our arms around this challenge while maintaining our sanity? The goal is to provide a clear compliance path for industry and legislative requirements. This body of work in the end should reach as large an audience as possible facilitating broader acceptance within the corporation. The old adage of “Work smarter, not harder” applies like it never has before. With the disparate demands of Sarbanes-Oxley, HIPAA, PCI, GLBA, FedRAMP, Cyber Essentials, Safe Harbor, FISMA, FIPS standards, NIST Special Publications, and many others, it is easy to understand why there is so much frustration and expense involved in compliance. There is no clear end to the challenges as information security practitioners we are faced with. There is however a relatively clear solution. Distill the unique control requirements out and consolidate the common ones into a unified framework. Information security concepts should not be proprietary. A unified community effort to improve the condition of information security benefits everyone. This includes every public or private organization no matter what the size, shape, or form they come in. By protecting information, you protect identities, profits, reputations, and the list goes on and on.<br>
</blockquote>


'''"One Stop Shopping"'''<br>
'''"One Stop Shopping"'''<br>


The end result of this collaborative effort will be a comprehensive control framework that anyone might use to verify the status of operational security controls within the enterprise. This framework is being developed to encompass any legislative requirement or industry requirement with a common evaluation framework.<br>
The end result of this collaborative effort will be a comprehensive control framework that anyone might use to verify the status of operational security controls within the enterprise. This framework is being developed to encompass any legislative requirement or industry requirement with a common evaluation framework. The HORSE framework guides the organization through a single audit event in a sustainable fashion completing an audit in one pass, testing evidence in one pass, and constructing a sustainable process that ultimately raises the bar within the enterprise in a more organized efficient manner.


The ideal end result would be that the HORSE framework guides the organization though a single audit event in a sustainable fashion completing an audit in one pass, testing evidence in one pass, and constructing a sustainable process that ultimately raises the bar within the enterprise in a more organized efficient manner.<br>
==Our Sponsor==
[[File:Lazarus-alliance-red-lock-2013040501-100x100.png]]<br>
Founded in 2000, '''[http://www.lazarusalliance.com/index.php Lazarus Alliance]''' is on the cutting edge of IT security, [http://lazarusalliance.com/services/risk-management/ risk], privacy, [http://lazarusalliance.com/services/policies-governance/ governance], [http://lazarusalliance.com/services/audit-compliance/ cyberspace law and compliance leadership], innovation and services provided to the global community. With significant contributions and innovations such as the [https://auditmachine.com/ IT Audit Machine], [http://policymachine.com/ The Policy Machine], [https://lazarusalliance.com/services/your-personal-cxo/ Cybervisors], SafetyNET, the Holistic Operational Readiness Security Evaluation (HORSE Project), The Security Trifecta, [http://lazarusalliance.com/services/your-personal-cxo/ Your Personal CXO] and many other progressive initiatives, it’s no wonder that Lazarus Alliance has become a leading international name synonymous with leadership, quality, customer service and innovation.<br>
<br>
<br>
 
Lazarus Alliance’s primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence – in any jurisdiction. Lazarus Alliance specializes in IT security, risk, privacy, governance, cyberspace law and compliance leadership solutions and is fully dedicated to global success in these disciplines.<br>
=='''NEWS'''==
<blockquote style="background: white; padding: 1em; margin-left: 0.5em;">
[[Image:horse-100-wikians-tn.jpg|left|thumb]]<br>
<br>
<br>
<font color=purple> The HORSE Project Wiki now has '''100''' members and is growing strong! We are excited that information security subject matter experts are coming together for the greater good to participate in this project.</font> --[[User:Mdpeters|Mdpeters]] 07:39, 28 June 2007 (EDT) <br>
With extensive specialization in [http://lazarusalliance.com/services/audit-compliance/fedramp-fisma-nist-audit/ FedRAMP], [http://lazarusalliance.com/services/audit-compliance/hipaa-audit/ HIPAA], [http://lazarusalliance.com/services/audit-compliance/ssae-16-audit/ SSAE 16], [http://lazarusalliance.com/services/audit-compliance/ SOX], [http://lazarusalliance.com/services/audit-compliance/iso-27000-audit/ ISO 27000's], [http://lazarusalliance.com/services/policies-governance/ governance, policy development], [http://lazarusalliance.com/services/audit-compliance/ IT audit], [http://lazarusalliance.com/services/audit-compliance/ IT compliance], [http://lazarusalliance.com/services/risk-management/ IT Risk Management] and more, please visit Lazarus Alliance for more information.<br>
</blockquote><br>
<br>
<br>
<font color=blue>'''Lazarus Alliance is a proud veteran owned business.'''</font>
==Getting Started==
<blockquote style="background: #d7a127; padding: 1em; margin-left: 0.5em;">
Once registered, the best place to start is through the [http://www.lazarusalliance.com/horsewiki/index.php/HORSE_-_Holistic_Operational_Readiness_Security_Evaluation.:Community_Portal  '''Community portal'''] link. Please take just a moment to include some information about yourself on your accounts personal page.''' Be sure to add and validate an email address under your "My Preferences" tab at the top.''' Enable the option to receive email from other HORSE Project Wiki members. It will remain private and it is the only way project members will be able to contact you.
</blockquote>
<br>
<br>
'''Please request the ability to edit content from the system administrators.''' The HORSE project is open to the entire community. We only ask that contributed work be relevant and that the contributed work maintain the present format of this project.
==Author Opportunities==
<blockquote style="background: #41B7F7; padding: 1em; margin-left: 0.5em;">
Would you like to be the author or co-author of a book in the The Holistic Operational Readiness Security Evaluation: HORSE Project Series?<br>
<br>
<br>
:'''<font color=darkgreen> [[Image:cool1.gif]] The HORSE Wiki has been designated a "Cool Site" in the [http://dmoz.org/Computers/Security/Policy/Sample_Policies/ Netscape Open Directory]!'''  How ''cool'' is that!</font> -- [[User:Mdpeters|Mdpeters]] 21:34, 15 March 2007 (EDT)<br>
Volume 1, Governance Documentation and Information Technology Security Policies Demystified, is being prepared already for publication, but the HORSE Project has many other subjects to produce. IT Governance, IT Law, Privacy, Compliance, General IT Security, HORSE Framework and many other focus areas are available. Contact any HORSE Project administrator for more information.<br>
<br>
<br>
:'''<font color=darkblue> [[Image:sy00250_.jpg]] The HORSE Wiki has turned 1!''' Thanks to everyone for the continued growth and exceptional content.</font> -- [[User:Mdpeters|Mdpeters]] 14:42, 1 February 2007 (EST)<br>
Writing HORSE Project articles, focus topics, presentations, and publications is a great way to earn CPE credits towards professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, and many other industry standards.
</blockquote>
 
==Companion Projects==
{| border="0" align="left" style="text-align:left;" cellpadding="6"
|[[File:AuditMachine-AD2014.gif]]
|Lazarus Alliance demystifies the complexity of IT governance, risk and compliance. Visit the [https://auditmachine.com IT Audit Machine] for more information.
|}<br>
<br>
<br>
:{|  border="0" width="100%" id="table1" cellspacing="2" cellpadding="2"
|  width="50" | [[Image:Redlock.jpg]]
|  bgcolor="yellow" |'''We now unfortunately have a need to deal with spammers and vandals. If you encounter inappropriate content anywhere on the site please contact the sysops so we can take measures. Feel free to roll back the changes or edit out the vandal's work.'''
|}
<br>
<br>
----
{| border="0" align="left" style="text-align:left;" cellpadding="6"
|[[File:HORSE-BOOK-V1-TN.jpg]]
|I am pleased to announce the release of '''The Holistic Operational Readiness Security Evaluation: HORSE Project Series: [http://www.amazon.com/Holistic-Operational-Readiness-Security-Evaluation/dp/1468063871/ref=sr_1_1?s=books&ie=UTF8&qid=1330543900&sr=1-1 Governance Documentation and Information Technology Security Policies Demystified]''' out on bookshelves everywhere.<br>
<br>
<br>
'''--[[User:Mdpeters|Mdpeters]] 18:48, 20 January 2006 (EDT)'''
Holistic Operational Readiness Security Evaluation - HORSE Project Series Volume 1 is the professional companion book to the popular global resource, the HORSE Project Wiki, that provides a comprehensive examination of corporate information technology and security governance documents ranging from a corporate charter, policies and standards. This book provides a holistically approachable road map to design, ratification, implementation and maintenance of corporate security program policies. The guidance contained within has been the bedrock for corporate governance within some of the biggest organizations throughout the world.
 
|}<br>
 
This collaborative effort is sponsored by the information security professionals of '''Lazarus Alliance Inc.''' [http://lazarusalliance.com lazarusalliance.com]. This site is protected by the '''SafetyNET''' [http://safetynet-info.com safetynet-info.com] suite of appliances, products, and services available only from '''Lazarus Alliance Inc.'''<br>
 
<br>
[[Image:safetynet-masthead.jpg]]<br>
<br>
<br>
{| border="0" align="left" style="text-align:left;" cellpadding="6"
|[[File:Linkedin.jpg]]
|[http://www.linkedin.com/groups/HORSE-Project-Wiki-Holistic-Operational-2921059?trk=myg_ugrp_ovr '''Join the Linkedin HORSE Project Group'''] and share with your LinkedIn connections your contributions to the HORSE Project.
|}

Latest revision as of 20:49, 13 September 2016

Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki.

The HORSE Project - Lazarus Alliance Foundation, Inc. is a nonprofit 501(c)(3) charitable organization dedicated to encouraging the growth, development and distribution of free, multilingual, cyber security focused educational content, and to providing the full content of this wiki-based project to the public free of charge.

We would like to invite the information security community to participate in this open community project. The intention is ultimately to raise the proficiency level of information security auditors, security practitioners, lawyers and legal practitioners, financial auditors, and anyone who verifies that controls exist over business systems. Our intention is that the HORSE project evolves into the most comprehensive, most beneficial, most accessible, and freely available information security guidance framework on the planet.

With well over 2 million visits and still going strong, the HORSE project has been a great and FREE resource since 2006!

Visit AuditMachine.com or LazarusAlliance.com

Synopses

With existing and constantly emerging information security control requirements burdening the enterprise, how do we get our arms around this challenge while maintaining our sanity? The goal is to provide a clear compliance path for industry and legislative requirements. This body of work in the end should reach as large an audience as possible facilitating broader acceptance within the corporation. The old adage of “Work smarter, not harder” applies like it never has before. With the disparate demands of Sarbanes-Oxley, HIPAA, PCI, GLBA, FedRAMP, Cyber Essentials, Safe Harbor, FISMA, FIPS standards, NIST Special Publications, and many others, it is easy to understand why there is so much frustration and expense involved in compliance. There is no clear end to the challenges as information security practitioners we are faced with. There is however a relatively clear solution. Distill the unique control requirements out and consolidate the common ones into a unified framework. Information security concepts should not be proprietary. A unified community effort to improve the condition of information security benefits everyone. This includes every public or private organization no matter what the size, shape, or form they come in. By protecting information, you protect identities, profits, reputations, and the list goes on and on.

"One Stop Shopping"

The end result of this collaborative effort will be a comprehensive control framework that anyone might use to verify the status of operational security controls within the enterprise. This framework is being developed to encompass any legislative requirement or industry requirement with a common evaluation framework. The HORSE framework guides the organization through a single audit event in a sustainable fashion completing an audit in one pass, testing evidence in one pass, and constructing a sustainable process that ultimately raises the bar within the enterprise in a more organized efficient manner.

Our Sponsor


Founded in 2000, Lazarus Alliance is on the cutting edge of IT security, risk, privacy, governance, cyberspace law and compliance leadership, innovation and services provided to the global community. With significant contributions and innovations such as the IT Audit Machine, The Policy Machine, Cybervisors, SafetyNET, the Holistic Operational Readiness Security Evaluation (HORSE Project), The Security Trifecta, Your Personal CXO and many other progressive initiatives, it’s no wonder that Lazarus Alliance has become a leading international name synonymous with leadership, quality, customer service and innovation.

Lazarus Alliance’s primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence – in any jurisdiction. Lazarus Alliance specializes in IT security, risk, privacy, governance, cyberspace law and compliance leadership solutions and is fully dedicated to global success in these disciplines.

With extensive specialization in FedRAMP, HIPAA, SSAE 16, SOX, ISO 27000's, governance, policy development, IT audit, IT compliance, IT Risk Management and more, please visit Lazarus Alliance for more information.

Lazarus Alliance is a proud veteran owned business.

Getting Started

Once registered, the best place to start is through the Community portal link. Please take just a moment to include some information about yourself on your accounts personal page. Be sure to add and validate an email address under your "My Preferences" tab at the top. Enable the option to receive email from other HORSE Project Wiki members. It will remain private and it is the only way project members will be able to contact you.


Please request the ability to edit content from the system administrators. The HORSE project is open to the entire community. We only ask that contributed work be relevant and that the contributed work maintain the present format of this project.

Author Opportunities

Would you like to be the author or co-author of a book in the The Holistic Operational Readiness Security Evaluation: HORSE Project Series?

Volume 1, Governance Documentation and Information Technology Security Policies Demystified, is being prepared already for publication, but the HORSE Project has many other subjects to produce. IT Governance, IT Law, Privacy, Compliance, General IT Security, HORSE Framework and many other focus areas are available. Contact any HORSE Project administrator for more information.

Writing HORSE Project articles, focus topics, presentations, and publications is a great way to earn CPE credits towards professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, and many other industry standards.

Companion Projects

Lazarus Alliance demystifies the complexity of IT governance, risk and compliance. Visit the IT Audit Machine for more information.




I am pleased to announce the release of The Holistic Operational Readiness Security Evaluation: HORSE Project Series: Governance Documentation and Information Technology Security Policies Demystified out on bookshelves everywhere.


Holistic Operational Readiness Security Evaluation - HORSE Project Series Volume 1 is the professional companion book to the popular global resource, the HORSE Project Wiki, that provides a comprehensive examination of corporate information technology and security governance documents ranging from a corporate charter, policies and standards. This book provides a holistically approachable road map to design, ratification, implementation and maintenance of corporate security program policies. The guidance contained within has been the bedrock for corporate governance within some of the biggest organizations throughout the world.



Join the Linkedin HORSE Project Group and share with your LinkedIn connections your contributions to the HORSE Project.