You are the first Information Security Manager in a company, what will be your top checklist items on the first days?

Question added by Hussein Bahgat, Information Security manager, Standard Chartered Bank
Date Posted: 2014/09/07

As an IS Manager, my first priority will definitely be to build support and a working relationship with senior management. This will definitely lead to the success of the IS management framework, which includes: governance, policies, standards, procedures, and guidelines.

Moiz Bastawalla
by Moiz Bastawalla, Business Intelligence, Confidential

Firstly, one needs to understand the current setup. Do a BIA if not done, and suggest any additional security measures if required in the existing current infrastructure.

To protect the interest of the employer and the building, and work with a good governance relationship with the management and the policies of implementing the rules.

 

Jayakrishnan C P
by Jayakrishnan C P, Security Service Manager, Metmox Inc

  1. Understanding your team. Getting information on the capabilities of each individual.
  2. Proper understanding of the network zones. Understand the assets placed in DMZ zones.
  3. Build a good relationship with Senior Management, Network and System Operations, and Local Desk Site Support.

 

Umer Saeed
by Umer Saeed, Security Consultation and Vulnerability Assessment, Entrepreneur

You need to know what you are up against and what you are protecting.

 

First and foremost, if Management isn't supportive and doesn't live to show they care for Information/IT Security themselves, nothing will be deemed an "Achievement" for you and it will be resisted.

Second, Discover your environment. There are signs to look for.

 

Old, predated hardware.

Prehistoric approaches to protecting information e.g. server passwords noted down on post-its on walls and rooms.

No logging and tracking of what is configured, how it is configured, and who made the last changes and when. Untested and unapproved changes can form a hidden disaster for the security guy at any time.

Training and awareness.

 

Don't jump to buying tech or software right from the start; first do your homework and then find a suitable cheap/free alternative for your requirements.

Once you have your requirements straight, it will be far easier to develop a to-do list that works.

 

 
