Security Basics mailing list archives

RE: First day and week as CISO?


From: "Robertson, Seth (JSC-IM)" <Seth.Robertson-1 () nasa gov>
Date: Mon, 1 Dec 2008 14:24:56 -0600

Conduct a fresh organization-wide risk assessment to determine the
strengths and weaknesses of the information security controls and
practices; the existing security staff probably know a handful of
weaknesses off-hand (sore points which they have previously been
unsuccessful at better securing).  There are many benefits: you are able
to present management a fresh understanding of the security posture, you
are able to identify areas in which they have de facto already accepted a
risk, whether they know it or not (and if an incident occurs as a result
of the existing security state you have CYA), and you are able to spin
off a justified list of projects to mitigate those risks on the horizon.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of cisohelp () googlemail com
Sent: Sunday, November 30, 2008 11:23 AM
To: security-basics () securityfocus com
Subject: Re: First day and week as CISO?

throw away wrote:
Scenario....

Going to be interviewing soon for a CISO..

One of the questions we're going to be asking is the theory question
below:

What would you do in the first day and week on the job?

The company is a multi-million $ company, web based, sites all over the
globe. 100's of users, 100's of servers, and a hell of a lot of
firewalls.

Any thoughts?

