Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Shared Security/Audit Position

From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 24 Oct 2007 15:14:24 -0400
Our Security group is responsible for witting policies, our audit group is not connected to security or IT.

Thanks,
Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel


--On Wednesday, October 24, 2007 3:03 PM -0400 Gary Dobbins <dobbins () ND EDU> wrote:


Who authors policies and standards might come into play.  It would be a conflict of interest for the audit role to 
author those, so if your security group
does, it might be sticky.

Matthew Dalton wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

I was wondering if anyone on the list has had experience with a shared
position between their internal audit and information security offices.
 We are investigating this possibility to assist our Audit department.
We are currently trying to determine what, if any, job responsibilities
would not become conflicts of interest between the two roles.  Does
anyone have any experience in this?  Thanks!


- --
Matthew Dalton
Director of Information Security
Office of Information Technology

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHH5JkVKUofGqW+twRAmIlAJ0X/G0YM9gyPniXz+vu4+EbgtfcDgCbBF4y
hCSiYQcAwjW6wRE691PERwQ=
=x+nW
-----END PGP SIGNATURE-----



--

  Gary Dobbins, CISSP -- Director, Information Security
  University of Notre Dame, Office of Information Technologies




Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Previous By Date Next
Previous By Thread Next

Current thread: