Security Basics mailing list archives
Re: sesecuring access to workgroup for notebooks
From: Alessandro Bottonelli <a.bottonelli () axis-net it>
Date: Tue, 23 Nov 2004 11:07:51 +0100
On Tuesday 23 November 2004 07:02, Davide wrote:
Hi all. I need some hints and opinions in order to perform risk assesment and ... for the following situation.
First of all: what's the goal of the Risk Assessment? Technical? For budgeting purposes? For legal compliance (like, since we are both in Italy, the New Privacy Code)? The purpose will drive the methodology and the scope of your risk assessment. Secondly: who should perform the risk assessment? Having the IT department assessing themselves is usually a bad idea ( "quis custodiet ipsos custodes" or who shall control the controllers?). Cheers, -- Alessandro Bottonelli, CISSP & BS7799 Lead Auditor AXIS-NET Privacy & InfoSec Consulting http.//www.axis-net.it
Current thread:
- sesecuring access to workgroup for notebooks Davide (Nov 22)
- Re: sesecuring access to workgroup for notebooks Alessandro Bottonelli (Nov 23)
- <Possible follow-ups>
- Re: sesecuring access to workgroup for notebooks Davide (Nov 26)