PostNuke

Flexible Content Management System

News

Introducing: The PostNuke Information Security Manager

Contributed by on Jun 13, 2002 - 09:28 AM

Although I am new to PostNuke, I have over eight years of professional experience in the field of information security. I hope to share my skills and experiences in information security management, intrusion detection, incident response, system auditing, threat and risk assessments, and security design.




PostNuke Project information has value and is an asset that should be protected.




Specifically, I will assist the PostNuke Project in maintaining the confidentiality, integrity, and availability of the project's information and assets.




Some of the information I have identified so far:


* Personal information provided by users when registering on postnuke.com websites.


* Userids and passwords used by PostNuke management for supporting and maintaining postnuke.com systems.


* Userids and passwords of postnuke.com users.


* Open source software developed by the PostNuke community and distributed by postnuke.com.


* Project documentation developed by the PostNuke community and distributed by postnuke.com.


* Moderated and unmoderated discussion forums, news announcements, mailing lists, and other content hosted on postnuke.com.




Objectives:




1. Effectively manage the risk of security exposure or compromise within the Postnuke Project;


2. Communicate the responsibilities for the protection of information;


3. Establish a secure infrastructure and a stable processing environment;


4. Establish accountability for acceptable and unacceptable use of the Postnuke Project owned and managed information and assets, supporting systems and processes;


5. Protect and preserve Postnuke Project management’s options in the event of an information asset misuse, loss or unauthorized disclosure;


6. Protect the Postnuke Project reputation, image, and brand identity.




With feedback from the PostNuke Project and community, I would like to draft an information security policy that respects the privacy of users and highlights the requirements for information that is freely shared and used by all.




I would love to hear all comments or suggestions. If you're interested in contributing in the areas of security please let me know, only a passion to learn and explore required.




Regards,


Brian Erdelyi, CISSP


PostNuke, Information Security Manager
3650