The Visible Ops four step process is:
- Electrify the fence and modify first response.
- Catch & release and find fragile artifacts.
- Establish repeatable builds.
- Establish a repeatable build library.
This Computerworld rticle from last year provides a good explanation and introduction to these ideas.
The Visible Ops authors donated the results of their research to the Information Technology Process Institute (ITPI).
More information on Visible Ops is available through Tripwire. Thank you to Ron Gula for informing me of Visible Ops. Ron has a white paper explaining how his company's products help customers implement this framework and thereby improve their security and performance.
During the Webcast I was reminded of the new ISO/IEC 17799:2005 standard just released. Related information is posted at ISO 17799 News. I also heard that NIST 800-53 includes a mapping of its guidelines against the new ISO 17799, DoD Instruction 8500.2 (.pdf), DCID 6/3, GAO Federal Information Systems Controls Audit Manual (FISCAM, .pdf), and NIST 800-26.
To hear the NIST perspective on these standards, straight from Dr. Ron Ross himself, check out his recent presentation (.ppt) to my local ISSA chapter.