Register now or log in to join your professional community.
to protect the interest of the employer and the building and work with good governance relationship with the management and the policies of emflementing the rules.
You need to know what you are up against and what are you protecting.
First and foremost, if Management isnt supportive and doesnt live to show they care for Information/IT Security themselves, Nothing will be deemed an "Achievement" for you and will be resisted.
Second, Discover your environment. There are signs to look for.
Old, predated hardware.
Prehistoric approaches to protecting information e.g. server passwords noted down on post-its on walls and rooms.
No logging and tracking of what is configured, how it is configured and who and when made the last changes? Untested and unapproved changes can form hidden disaster for the security guy any time.
Training and awareness.
Dont jump of buying tech or software right off from start, first do your homework and then find a suitable cheap/free alternative for your requirements.
Once you have your requirements straight, it will be far easier to develop a to-do list that works