Security Basics mailing list archives

Re: sesecuring access to workgroup for notebooks

From: Alessandro Bottonelli <a.bottonelli () axis-net it>
Date: Tue, 23 Nov 2004 11:07:51 +0100

On Tuesday 23 November 2004 07:02, Davide wrote:

Hi all. I need some hints and opinions in order to perform
risk assesment and ... for the following situation.

First of all: what's the goal of the Risk Assessment? Technical? 
For budgeting purposes? For legal compliance (like, since we are 
both in Italy, the New Privacy Code)? The purpose will drive the 
methodology and the scope of your risk assessment. 

Secondly: who should perform the risk assessment? Having the IT 
department assessing themselves is usually a bad idea ( "quis 
custodiet ipsos custodes" or who shall control the controllers?).

Cheers,

-- 
Alessandro Bottonelli, CISSP & BS7799 Lead Auditor
AXIS-NET Privacy & InfoSec Consulting
http.//www.axis-net.it

Current thread:

sesecuring access to workgroup for notebooks Davide (Nov 22)
- Re: sesecuring access to workgroup for notebooks Alessandro Bottonelli (Nov 23)
- <Possible follow-ups>
- Re: sesecuring access to workgroup for notebooks Davide (Nov 26)