I think they are good lists. Continuous education is necessary. However it doesn't tell people what to do exactly (OK, maybe it shouldn't). Some like "Develop and implement appropriate system failure procedures" are easy (backups) "Review work quality and develop a sound system of controlling employees with access to data" needs more work. I'd like to add SANS also has meaningful docs.
Last edited by unSpawn; 04-08-2008 at 08:39 AM.
|