I recently learned about SKiP, Security Knowledge in Practice, in one of my classes at UAT and I am very intrigued by it. I did not realize that the problem-based approach was the common one. I guess that is one of the great advantages of SKiP, being a process-based approach to organize and implement security. I used to work in a small organization that was based on federal grants. The turnover rate for employees was also high. Looking back now, I realize we utilized the problem-based approach to security. Does anybody have any suggestions on how to begin attempting to build and sustain security for our information assets? Would a “clean-slate” work best or would incorporating one asset at a time be the best way? Also, does anybody have experience with SKiP and smaller organizations? Any advice would be helpful.
Software/Hardware used: Microsoft Server 2003, Windows XP, Office 2007