Information Security
dieillusion, 2015-04-01 13:41:21

What should a security officer do in a company if his position has just opened and there is no basis for this?

I was hired by the firm as an information security specialist. There is no experience in this position, what exactly the employer needs is also unclear (in a nutshell, it was indicated to me: correspondence control, protection against hacker attacks).
I would be very grateful to you if you could suggest a short plan of action on what needs to be done first (to show the boss that I am not useful, and bring real benefits).
I will be glad for any information.

8 answer(s)
Andrey Ermachenok, 2015-04-01
@eapeap

what to do first

Have a beer with the admin.

mace-ftl, 2015-04-01
@mace-ftl

Classic
1) Set ptraffer file.php?id=165
2) A week later you show your boss a "list of requests in Google" (of course, signing the necessary documents with the employees, etc.) and tell who really does what
3) You get a budget, then you make documents of the "IB concept" level, then enter instructions and rules, audit domain security settings, etc.
This is an algorithm if no one in the office has done anything on the topic.

Puma Thailand, 2015-04-01
@opium

First of all, write regulations, then introduce them, then follow them.

Sergey, 2015-04-01
@begemot_sun

Raise a proxy. And let people go only through it. Log all actions of people, transmitted information too. Cut off the ability to work from flash drives, floppy disks, disks, etc. boot stuff.
Sign a non-disclosure agreement with everyone, etc.
PS I'm not a security guard.

Saboteur, 2015-04-01
@saboteur_kiev

The simplest thing is to write an information security policy.
Password rules, password policy (length, complexity).
Try to think about security in such a way that it is as comfortable as possible for users. Because of the piling up, they may simply ignore it.
And yes - be friends with the administrator.

Spetros, 2015-04-01
@Spetros

There is a characteristic student handwriting in the question ... Only from the university?
I recommend that you study the job description, the available materiel, and, based on the information received, begin planning and implementing such things as "correspondence control, protection against hacker attacks."

killla, 2015-04-02
@killla

Read 152 FZ.
There is only one documentation to develop for a month of work.

Max, 2015-04-15
@MaxDukov

Take STO BR IBBS as an example of a policy (by throwing out ISMS and ISMS at the first stage, and 2/3 of the requirements for ISMS there as well).
Write a document on access, on the Internet, on mail, on antivirus (and, most importantly, get them approved by the management).
Communicate the new rules to employees. Start to control performance.
