Security Manager's Journal is one of my favorite places on the Internet. SMJ authors are real security managers, and their insights are on target. The Getting the Best from an Audit story is a a good example. The author is faced with a security audit and finds a way to use the auditors to her advantage:
My idea was to ask the auditor to help me develop documentation and processes for the agency that would ensure a formalized system-development life cycle. The new process addresses the security concerns raised by the report. As a result, we now have a suitable framework with which we can begin doing things differently.
There are plenty of other lessons like this one (consider the plight of the manager who had to lay off almost half of his information security staff). It's a good read.
►
Monday, April 6, 2009
Subscribe to:
Post Comments (Atom)
Posts
0 comments:
Post a Comment