Security Basics mailing list archives
RE: First day and week as CISO?
From: "Robertson, Seth (JSC-IM)" <Seth.Robertson-1 () nasa gov>
Date: Mon, 1 Dec 2008 14:24:56 -0600
Conduct a fresh organization-wide risk assessment to determine the strengths and weaknesses of the information security controls and practices; the existing security staff probably know a handful of weaknesses off-hand (sore points which they have previously been unsuccessful at better securing). There are many benefits: you are able to present management a fresh understanding of the security posture, you are able to identify areas in which they have de facto already accepted a risk, whether they know it or not (and if an incident occurs as a result of the existing security state you have CYA), and you are able to spin off a justified list of projects to mitigate those risks on the horizon.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of cisohelp () googlemail com
Sent: Sunday, November 30, 2008 11:23 AM
To: security-basics () securityfocus com
Subject: Re: First day and week as CISO?

throw away wrote:
Scenario.... Going to be interviewing soon for a CISO.. One of the questions we're going to be asking is the theory question below:
What would you do in the first day and week on the job? The company is a multi-million $ company, web based, sites all over the globe. 100's of users, 100's of servers, and a hell of a lot of firewalls.
Any thoughts?