Security Basics mailing list archives
RE: The procedural aspects and work valorization of an IT Security Service, Advice needed
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Tue, 3 Mar 2009 11:38:11 +1000
This sounds like a long-term cultural change that you are trying to initiate. It will be bolstered by having reports etc., but also by simply raising questions on what is important to the company, business-wise, and then possibly pointing out how much financial benefit the company will get from improving their security posture. This means you need to have the ear of management/CEO etc.

One of the first things I did at a company I worked at that had NO security attitude at all was to start sending out emails raising awareness of the need for not replying to spam or not just opening random attachments. Then I started to 'evangelise' about security and sent round news reports about current problems. Also, educating people was helped by having presentations for senior staff and others highlighting the problems we face today (free sweets and lollies help here). This became an ongoing thing and slowly but surely the security stance changed.

Good on you for attempting the difficult...
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mohamed Aymen SAHLI
Sent: Sunday, March 01, 2009 10:52 PM
To: security-basics () securityfocus com; bugtraq; bs7799 () securityfocus com; bugtraq-french () securityfocus com
Subject: The procedural aspects and work valorization of an IT Security Service, Advice needed

Hi list,

I need pointers on an issue I have with my new job and I hope to find some help here. I am occupying an IT Security engineer position within a telecom operator. This position, and as a matter of fact the whole security service, is considered to belong purely to the operations department, having its duties mainly focused on maintaining the day-to-day supervision and administration of equipment and suchlike.

There are two issues I would like to have your advice on:

First, due to the fact that maintaining the smooth working of the IT systems does not have direct appreciable results intelligible by the managers board, what mechanisms do you guys use to valorize your work so it doesn't go overlooked?

Secondly, as a direct result of considering security as more or less a hardware administration matter, there are almost no procedures in place relating to security, change management, security issues logging and analysis, etc. Hence my question: what framework would you use to develop the procedural aspect of security, and how would you convince the managers board of its importance? Are there any examples of documents relating to security incident reporting, security project achievement follow-up, etc. that I could base my work on?

Looking forward to reading from you. All inputs are appreciated.

Best regards.