
RE: security audit

Subject: RE: security audit
Date: Wed, 15 Feb 2006 08:35:26 -0000
 

Gerhard,

Thanks for your email.

 

I am standardising our company’s (IT consultancy) computer audit 
process. Our consultants come from different backgrounds; more or less, they 
specialise in some areas relating to computer security audit. So we decided to 
take action. As I am not from a security-related background, I 
haven’t got a clue where to start. 

 

BS7799 and OCTAVE are something I have been reading. I agree with you 
that there should be two audits. In reality, we don’t have that luxury. I 
suggested that our consultants start from the business perspective, then dig into 
technical details. 

 

Thanks,

Andy 

________________________________

From: ゲルハード リカット [mailto:g.rickert@aozora-is.co.jp] 
Sent: 15 February 2006 07:24
To: Andy Liu; security-management@securityfocus.com
Subject: RE: security audit

 

Hey Andy,

This is just my 2 cents, but I think before you set up the process you should go 
and talk with the senior people within your company and find out what the 
vision of the company is. Remember, security can be a parasite sometimes, and you 
want to try and align security with the company as transparently as possible without 
compromising the balance. What area of the industry are you in? If it is finance 
related then you may want to read over the FSA guidelines and whatnot. 
Standards there can really help. ISMS is something you may want to research 
into. 

 

As far as the software goes, I think it would be more on what you're looking to 
do. If you are debating whether an audit should be more business or tech related, 
I would say, create 2 audits: 1 being technical and the other being business 
related. I would rather be a little more careful than not careful enough.

 

Kind Regards,

 

Gerhard Rickert

 

________________________________

From: Andy Liu [mailto:Andy.Liu@selection.co.uk] 
Sent: Tuesday, February 14, 2006 5:36 PM
To: security-management@securityfocus.com
Subject: security audit

 

Hi guys,

 

I’m working on a project to evaluate the security audit process. Is there any 
standard or framework in this area that I can follow? Any suggestions on 
security audit software? Should a security audit be more technical or more 
business-focused?

 

Many thanks,

Andy 

 


-- 
Please Visit our Website: http://www.selection.co.uk 
<http://www.selection.co.uk/>  
-- 
This e-mail is confidential and is intended for the exclusive use of the 
addressee only. Selection Services Plc accepts no liability for personal 
views expressed. While every effort has been made to ensure the attachments 
are virus-free, they must be checked before further use, especially those 
containing encrypted data. If you have any problems with this e-mail, 
please contact our IT Manager on Email@Selection.co.uk 
-- 
This message has been scanned for viruses and 
dangerous content by MailScanner <http://www.selection.co.uk/> , and is 
believed to be clean. 