Which Revision of the AuditColorChart is BEST for YOU?

------------------------------------------------------------ 

updated: 16 July 1998      revID:  1c 
by:   Bill Schell          e-mail: rhk657@email.mot.com

-------------------------------------------------------------


There are currently (July 1998) three versions of the "Audit Color
Chart" and it's associated approach, files, and application to your
organization.

Here's a very brief description of those different versions, and then
go "back" and choose one of the three versions, and choose your
desired item within that area.

Version 1 - basic (2-page) spreadsheet with only "red-yellow-green"
result(s) on a very basic set of security issues

This version is very "subjective", it is probably the right choice for
small organizations (less than 100 computers or users). It is probably
the right choice for "non-risky" computing environments (organizaitons
who's information does not have a HUGE impact on the bottom line -
that doesn't contain a HUGE amount of intellectual property, etc.

Version 2 - medium (2 page) - the above chart(s) with added items in
the "subjects to be secured" area, for both small and large
organizations

Version 3 - advanced (4 page) extensively detailed list of action
items to check / audit / grade (red-yellow-green(and/or
number-scores)) - it checks more aspects of security and then scores
them, numerically, to determine some hard & measureable values on the
"level" of your security.  Used over time this tool can help you
determine are your more or less secure?

it is primarily intended for organizations (computers & networks) that
have a HIGH DEGREE of very risky Intellectual property, or financial
data and/or because of it's business nature has a high potential for
un-authorized intrusion.


make your selection as you wish - in each directory there is not only
the (Macintosh) Excel 5 template, but there are some "gifs" of
screen-shots so you don't have to down-load the whole Excel...


Note to one & all: -

ALL of these models can be taken and tailerd by you to YOUR PARTICULAR
environment.

I hold no copyright or trade-mark on this concept - it is YOURs to use
where/how you believe is best in YOUR organization. - I would like to
be given some "one-line credit" for the "CONCEPT" but the
implementation is your secret / your responsibility.