My name is Trevor, and I'm a student at UAT, doing some research on different implementation frameworks for establishing a security policy. In particular, I came across the SKiP (Security Knowledge in Practice) framework, and saw some advantages and disadvantages.
This framework has 6 separate steps to help with the implementation, including portions dedicated to picking vendors, as well as hardening and securing your own network. Unfortunately, what it lacks, like many frameworks and standards, is any sort of technical direction.
I was wondering if there is anyone out there that has experience with this implementation framework. Does it play out as practically as it sounds, or is it more difficult than it should be?