Security Basics mailing list archives
Re: The procedural aspects and work valorization of an IT Security Service, Advice needed
From: Mehdi Bahribayli <m.bahribayli () gmail com>
Date: Tue, 3 Mar 2009 18:01:19 +0330
Mohamed, First of all choose an appropriate mailing list to post your question (I think bs7799 () securityfocus com is most appropriate for your case) and don't broadcast your mail to all available mailing lists! The most important task in your case is to get support of higher management. You can start with a "business case" document to present impact of an information security management system on you business to your managers (what should you pay? what would you gain? what will you lose if you don't have such a system in place? ... ). You can complete you "business case" with some real samples of malicious things that can be done (Get permission of you manager before preparing those real samples. Prepares samples that is related to issues very important to your managers). Stay Cool Mehdi On Sun, Mar 1, 2009 at 4:21 PM, Mohamed Aymen SAHLI <sahli.aymen () gmail com> wrote:
Hi list, I need pointing on an issue i have with my new job and I hope to find some help hereby. I am occupying an IT Security engineer position within a telecom operator, this position, and the matter of fact the whole security service, is considered to be purely belonging to the operations department having its duties mainly focused on maintaining the day-to-day supervision and administration of equipments and such like. There are two issues I would like to have you advice on: First, due to the fact that maintaining the smooth working of the IT Systems do not have direct appreciable results intelligible by the manager’s board, what mechanisms do you guys use to valorize you work so it don’t goes overlooked. Secondly, as a direct result of considering the security as plus or minus a hardware administration matter, there is almost no procedures in place relating to security, change management/security issues logging and analysis etc… hence my question, what framework would you use to develop the procedural aspect of security and how would you convince the managers board of its importance. Are there any examples of documents relating to security incidents reporting, security project achievement follow-up etc… I could base my work on? … Looking forward to reading from you. All inputs are appreciated. Best regards.
Current thread:
- The procedural aspects and work valorization of an IT Security Service, Advice needed Mohamed Aymen SAHLI (Mar 02)
- RE: The procedural aspects and work valorization of an IT Security Service, Advice needed Murda Mcloud (Mar 03)
- Message not available
- Re: The procedural aspects and work valorization of an IT Security Service, Advice needed Mehdi Bahribayli (Mar 03)