Main Page: Difference between revisions
No edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
'''The HORSE project is open to the entire community. We only ask that contributed work be relevant and that the contributed work maintain the present format of this project.'''<br> | '''The HORSE project is open to the entire community. We only ask that contributed work be relevant and that the contributed work maintain the present format of this project.'''<br> | ||
<br> | <br> | ||
The best place to start is through the [ | '''The best place to start is through the [http://www.lazarusalliance.com/horsewiki/index.php/HORSE_-_Holistic_Operational_Readiness_Security_Evaluation.:Community_Portal '''Community portal'''] link.'''<br> | ||
<br> | <br> | ||
With existing and constantly emerging information security control requirements burdening the enterprise, how do we get our arms around this challenge while maintaining our sanity? The goal is to provide a clear compliance path for industry and legislative requirements. This body of work in the end should reach as large an audience as possible facilitating broader acceptance within the corporation. The old adage of “Work smarter, not harder” applies like it never has before. With the disparate demands of Sarbanes-Oxley, HIPPA, PCI, GLBA, and many others, it is easy to understand why there is so much frustration and expense involved in compliance. There is no clear end to the challenges as information security practitioners we are faced with. There is however a relatively clear solution. Distill the unique control requirements out and consolidate the common ones into a unified framework. Information security concepts should not be proprietary. A unified community effort to improve the condition of information security benefits everyone. This includes every public or private organization no matter what the size, shape, or form they come in. By protecting information, you protect identities, profits, reputations, and the list goes on and on.<br> | With existing and constantly emerging information security control requirements burdening the enterprise, how do we get our arms around this challenge while maintaining our sanity? The goal is to provide a clear compliance path for industry and legislative requirements. This body of work in the end should reach as large an audience as possible facilitating broader acceptance within the corporation. The old adage of “Work smarter, not harder” applies like it never has before. With the disparate demands of Sarbanes-Oxley, HIPPA, PCI, GLBA, and many others, it is easy to understand why there is so much frustration and expense involved in compliance. There is no clear end to the challenges as information security practitioners we are faced with. There is however a relatively clear solution. Distill the unique control requirements out and consolidate the common ones into a unified framework. Information security concepts should not be proprietary. A unified community effort to improve the condition of information security benefits everyone. This includes every public or private organization no matter what the size, shape, or form they come in. By protecting information, you protect identities, profits, reputations, and the list goes on and on.<br> | ||
Revision as of 14:58, 13 June 2006
Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki.
We would like to invite the information security community to participate in this open community project. The intention is ultimately to raise the proficiency level of information security auditors, security practitioners, financial auditors, and anyone who verifies that controls exist over business systems.
The HORSE project is open to the entire community. We only ask that contributed work be relevant and that the contributed work maintain the present format of this project.
The best place to start is through the Community portal link.
With existing and constantly emerging information security control requirements burdening the enterprise, how do we get our arms around this challenge while maintaining our sanity? The goal is to provide a clear compliance path for industry and legislative requirements. This body of work in the end should reach as large an audience as possible facilitating broader acceptance within the corporation. The old adage of “Work smarter, not harder” applies like it never has before. With the disparate demands of Sarbanes-Oxley, HIPPA, PCI, GLBA, and many others, it is easy to understand why there is so much frustration and expense involved in compliance. There is no clear end to the challenges as information security practitioners we are faced with. There is however a relatively clear solution. Distill the unique control requirements out and consolidate the common ones into a unified framework. Information security concepts should not be proprietary. A unified community effort to improve the condition of information security benefits everyone. This includes every public or private organization no matter what the size, shape, or form they come in. By protecting information, you protect identities, profits, reputations, and the list goes on and on.
"One Stop Shopping"
The end result of this collaborative effort will be a comprehensive control framework that anyone might use to verify the status of operational security controls within the enterprise. This framework is being developed to encompass any legislative requirement or industry requirement with a common evaluation framework.
The ideal end result would be that the HORSE framework guides the organization though a single audit event in a sustainable fashion completing an audit in one pass, testing evidence in one pass, and constructing a sustainable process that ultimately raises the bar within the enterprise in a more organized efficient manner.
--Mdpeters 18:48, 20 January 2006 (EDT)
This collaborative effort is sponsored by the information security professionals of Lazarus Alliance Inc. lazarusalliance.com. This site is protected by the SafetyNET safetynet-info.com suite of appliances, products, and services available only from Lazarus Alliance Inc.
