This is why I love the internet. Just once in a while, you actually "meet" a normal person willing to share his/her passion. Thank you very much. If you are interested in Cisco networking, fantasy books, adventure motorcycle riding, or wanna get in shape, I'm happy to spread the love.
I deleted the thread, and hope this message will get through as PM.
If I may, I'd poke around your brain a bit more.
Like I mentioned, I fully grasp the theoretical stuff. I can talk that talk with the C-levelers for a while, sure. But I can't package that talk into tangable, yet.
But I did start to weave some strands together; sans.org did me some great help, CISM is practically ISACA's CISSP which I already did. I found some great reference sheets and guidelines, and can share them with you if you'd like. Maybe you could then chip-in and let me know if you thinh that's a good way to go.
So, my actual technical question is regarding that risk "base". What is it? A software, which one? A website subscription? A notepad?
Look, I'll put it this way - I'm fairily confident I can manage an ISO 27001 implementation. The company is a conglomerate in UAE. Dozen of shopping malls, supermarkets, cinemas, retal... You name it - they have it. But they're:
Private, not public, thus no legal regulation. I might be wrong here.
Been audited, as they transform finance and IT depts. Why I got the job. Should deal with that auditors guy.
I haven't still even started yet, haven't spoken to them for the first time, haven't even seen the network designs yet. So I'm apprehensive about will I be able to succesfully bullshit the bullshiter.
Thanks, and sorry for being random in thought and full of typos. I'm quite stoned right now. Drugs, another personal passions of mine.
Give a good day/night wherever you are. I'm well into night.