Monday, 4 June 2007

The Company Newsletter article

As you will know, I have an issue with awareness in my Company. To that end, I agreed to write a short article for the company newsletter on me and InfoSec in general.

I remembered guidance I received from Rob Newby on keeping things short and sweet so as not to scare off the reader, so the first article is exactly that. I'm going to write some follow-up articles on InfoSec in general and PCI DSS in particular over the next few weeks in order to keep chipping away at the ignorance issue.

I've anonymised it somewhat as the original contained names of the innocent(!!). For now, this is the article; don't get too excited!!!

======================

“Who” and “what”, you may ask. Well, I joined the Company in November 2004 initially as a Project Manager in the Finance department dealing with projects about payment solutions and exciting stuff like that. However, after a while I began badgering my manager and his Boss about “information security”. So much so that they gave me the Information Security Manager job and maybe they thought that would quieten me down a bit.

I have been interested in Information Security throughout my 22-year career, which has mostly been in and around the IT arena. I did a spell in sales (hated that!!) and then got into project management. However, InfoSec has always been a core interest.

What is Information Security all about anyway? Well, the textbook answer is that it is about “ensuring that the confidentiality, integrity and availability of the company’s information assets is maintained”. What that really means is making sure that the company’s information is used in the right way by the right people for the right purpose. And by “right”, I mean whatever the company decides is right. My job is to help the company decide what is “right” and then write the policies to back that up.

The InfoSec programme at [the Company] has yet to get truly off the ground. As is the case with most areas of the company, there is always something else more important, more urgent etc. etc. Currently, my focus is on the PCI DSS Compliance project which [the Project Manager] explains later in this newsletter.

======================