Educause Security Discussion mailing list archives
Re: Shared Security/Audit Position
From: Matthew Dalton <daltonm () OHIO EDU>
Date: Wed, 24 Oct 2007 15:28:10 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gary, That is definitely the type of situation we want to avoid. Our Security Office does create IT policy, but the role as envisioned would not participate in these activities. Instead, they would be responsible for non-policy, and non-enforcement activities for the Information Security Office, in addition to their audit responsibilities. These might include: - - Awareness/Training - - Security Research (Published Best Practice, etc.) - - Security Audit (partner with the "other side" for pen testing, etc.) - - Technical Assistance to University Audit There probably are others, but these were thought on how to get around the conflict. Matthew Gary Dobbins wrote:
Who authors policies and standards might come into play. It would be a conflict of interest for the audit role to author those, so if your security group does, it might be sticky. Matthew Dalton wrote: Hi! I was wondering if anyone on the list has had experience with a shared position between their internal audit and information security offices. We are investigating this possibility to assist our Audit department. We are currently trying to determine what, if any, job responsibilities would not become conflicts of interest between the two roles. Does anyone have any experience in this? Thanks!
- -- Matthew Dalton Director of Information Security Office of Information Technology HDL Center 375B Phone: 740-597-1914 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHH5zKVKUofGqW+twRAvF1AJ9aR0omzsklu88n9kpbr1NLRLQbfgCfeGWS 0p2AoqMqTxVGzS6qr7mwyh4= =PF2y -----END PGP SIGNATURE-----
Current thread:
- Shared Security/Audit Position Matthew Dalton (Oct 24)
- <Possible follow-ups>
- Re: Shared Security/Audit Position Gary Dobbins (Oct 24)
- Re: Shared Security/Audit Position Mclaughlin, Kevin (mclaugkl) (Oct 24)
- Re: Shared Security/Audit Position Joel Rosenblatt (Oct 24)
- Re: Shared Security/Audit Position Matthew Dalton (Oct 24)
- Re: Shared Security/Audit Position Steve Schuster (Oct 24)