A big part of it is going to be figuring out where you are today, where you
want to be by the end of the year, and how to close the gap between the two.
Here are just a few questions for you:
- Have you conducted any recent risk assessments?
- Do you have some sort of security framework definition in place to drive
toward (like BS 7799, COBIT, etc)?
- Are you looking at just one particular aspect of security (people,
process, technology) or do you need to look at the entire security program
from a holistic standpoint?
- Do you know what regulatory and contractual requirements need to be met by
your organization?
- Have you spoken with management and helped them to define their risk
appetite in a manner that will be useful to you in determining the amount of
effort that needs to go into your program?
Brad Bemis, CISSP, CISA
Information Security and IT Audit Professional
_____
From: Mai Dashti [mailto:DASHTI@kreb.com.kw]
Sent: Sunday, January 09, 2005 10:05 PM
To: security-management@securityfocus.com
Subject: IT Security year Plan
Dear Group,
A very happy new year to u all.
I need your help on how to plan my this year and my coming years of the IT
Security functions.
May A Dashti
IT Security Officer
Risk Management
Kuwait Real Estate Bank
Tel. (965) 888 999 - Ext. 3144
****************************************************************************
**
Disclaimer:
This Email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this message in error please delete it and any files
transmitted with it, after you notify the sender immediately.
KREB accepts no responsibility for any such errors or omissions. The
information,views and comments within this communication are those of the
individual and not necessarily those of KREB.
Kuwait Real Estate Bank.
****************************************************************************
**
