Educause Security Discussion mailing list archives

Re: Shared Security/Audit Position


From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Wed, 24 Oct 2007 15:06:34 -0400

I currently have one of my ISOs doing some of the IT audit work for our
Internal Audit group.  It has been working fine so far but we are having to
be very careful with the independence and conflict of interest issue that
Gary mentions below.

-Kevin



Kevin L. McLaughlin
CISM, CISSP, PMP, ITIL Master Certified
Director, Information Security
University of Cincinnati
513-556-9177 (w)
513-703-3211 (m)
513-558-ISEC (department)








-----Original Message-----
From: Gary Dobbins [mailto:dobbins () ND EDU]
Sent: Wednesday, October 24, 2007 3:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Shared Security/Audit Position

Who authors policies and standards might come into play.  It would be a
conflict of interest for the audit role to author those, so if your
security group does, it might be sticky.

Matthew Dalton wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

I was wondering if anyone on the list has had experience with a shared
position between their internal audit and information security offices.
 We are investigating this possibility to assist our Audit department.
We are currently trying to determine what, if any, job responsibilities
would not become conflicts of interest between the two roles.  Does
anyone have any experience in this?  Thanks!


- --
Matthew Dalton
Director of Information Security
Office of Information Technology

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHH5JkVKUofGqW+twRAmIlAJ0X/G0YM9gyPniXz+vu4+EbgtfcDgCbBF4y
hCSiYQcAwjW6wRE691PERwQ=
=x+nW
-----END PGP SIGNATURE-----


--

  Gary Dobbins, CISSP -- Director, Information Security
  University of Notre Dame, Office of Information Technologies
