RE: First day and week as CISO?



Conduct a fresh organization-wide risk assessment to determine the
strengths and weaknesses of the information security controls and
practices; the existing security staff probably know a handful of
weaknesses off-hand (sore points which they have previously been
unsuccessful at better securing). There are many benefits: you are able
to present management a fresh understanding of the security posture, you
are able to identify areas which they have de facto already accepted a
risk, whether they know it or not (and if an incident occurs as a result
of the existing security state you have CYA), and you are able to spin
off a justified list of projects to mitigate those risks on the horizon.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of cisohelp@xxxxxxxxxxxxxx
Sent: Sunday, November 30, 2008 11:23 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: First day and week as CISO?

throw away wrote:
Scenario....

Going to be interviewing soon for a CISO..

One of the questions we're going to be asking is the theory question
below:

What would you do in the first day and week on the job?

The company is multi-million $ company, web based, sites all over the
globe. 100's of users, 100's of servers, and a hell of a lot of
firewalls.

Any thoughts?


