Re: Shared Security/Audit Position

[Steve Schuster <sjs74 () CORNELL EDU>]

At Cornell, we do not have a shared resource but rather have focused
on building a strong relationship between the IT Security Office and
University Audit.  I support the Audit Office in performing such
things as IT scans with interpretation if necessary and the Audit
Office supports me in findings that support hte wider security
mission.  The Audit Office does a fine job of IT audits but, let's
face it, between the two groups we have very different approaches to
things.  I see this as a good thing.

I would rather focus on strong relationships with shared interests
rather than a shared resource.

sjs

Steve Schuster
Director, IT Security Office
Cornell University
sjs74 () cornell edu




On Oct 24, 2007, at 2:43 PM, Matthew Dalton wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi!
>
> I was wondering if anyone on the list has had experience with a shared
> position between their internal audit and information security
> offices.
>  We are investigating this possibility to assist our Audit department.
> We are currently trying to determine what, if any, job
> responsibilities
> would not become conflicts of interest between the two roles.  Does
> anyone have any experience in this?  Thanks!
>
>
> - --
> Matthew Dalton
> Director of Information Security
> Office of Information Technology
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHH5JkVKUofGqW+twRAmIlAJ0X/G0YM9gyPniXz+vu4+EbgtfcDgCbBF4y
> hCSiYQcAwjW6wRE691PERwQ=
> =x+nW
> -----END PGP SIGNATURE-----

Attachment: PGP.sig
Description: This is a digitally signed message part