Security program: do you have one, did you make it, and how did you do it?

This is why I love the internet. Just once in a while, you actually "meet" a normal person willing to share his/her passion. Thank you very much. If you are interested in Cisco networking, fantasy books, adventure motorcycle riding, or wanna get in shape, I'm happy to spread the love.

I deleted the thread, and hope this message will get through as PM.

If I may, I'd poke around your brain a bit more.

Like I mentioned, I fully grasp the theoretical stuff. I can talk that talk with the C-levelers for a while, sure. But I can't package that talk into tangible, yet.

But I did start to weave some strands together; did me some great help, CISM is practically ISACA's CISSP which I already did. I found some great reference sheets and guidelines, and can share them with you if you'd like. Maybe you could then chip in and let me know if you think that's a good way to go.

So, my actual technical question is regarding that risk "base". What is it? A software, which one? A website subscription? A notepad?

Look, I'll put it this way - I'm fairly confident I can manage an ISO 27001 implementation. The company is a conglomerate in UAE. Dozen of shopping malls, supermarkets, cinemas, retail... You name it - they have it. But they're:

  1. Private, not public, thus no legal regulation. I might be wrong here.

  2. Been audited, as they transform finance and IT depts. Why I got the job. Should deal with that auditors guy.

I haven't still even started yet, haven't spoken to them for the first time, haven't even seen the network designs yet. So I'm apprehensive about will I be able to successfully bullshit the bullshitter.

Thanks, and sorry for being random in thought and full of typos. I'm quite stoned right now. Drugs, another personal passion of mine.

Give a good day/night wherever you are. I'm well into night.

/r/AskNetsec Thread Parent