Hey Andy,
This is just my 2 cents but I think before you set up the process you should go
and talk with the senior people within your company and find out what the
vision of the company is. Remember Security can be a parasite sometimes and you
want to try and align security with company as transparent as possible without
compromising the balance. What area of the industry are you? If it is finance
related then you may want to read over the FSA guidelines and what not.
Standards there can really help. ISMS is something you may want to research
into.
As for as the software goes I think it would be more on what your looking to
do. If you are debating on if an audit should be more business or Tech related,
I would say, create 2 audits. 1 being technical and the other being business
related. I would rather be a little more careful then not careful enough.
Kind Regards,
Gerhard Rickert
_____
From: Andy Liu [mailto:Andy.Liu@selection.co.uk]
Sent: Tuesday, February 14, 2006 5:36 PM
To: security-management@securityfocus.com
Subject: security audit
Hi guys,
I’m working on project to evaluate security audit process. Is there any
standard or framework in this area that I can follow? Any suggestion on
security audit software, should security audit more technical or more
business-focused?
Many thanks,
Andy
--
Please Visit our Website: http://www.selection.co.uk
<http://www.selection.co.uk/>
--
This e-mail is confidential and is intended for the exclusive use of the
addressee only. Selection Services Plc accepts no liability for personal
views expressed. While every effort has been made to ensure the attachments
are virus-free, they must be checked before further use, especially those
containing encrypted data. If you have any problems with this e-mail,
please contact our IT Manager on Email@Selection.co.uk
--
This message has been scanned for viruses and
dangerous content by MailScanner <http://www.selection.co.uk/> , and is
believed to be clean.
