To increase the amount and depth of the analytics performed, steal some agile methods, and apply them to your audits.
If you’re not familiar with agile methods, check out the first 5 topics listed here (just click Next at the bottom of each page; the topics are quick to the point and full of pictures).
Briefly, agile projects are performed in cycles, or iterations, rather than in a long, linear-waterfall fashion, which is: do all planning, then field work, then reporting. Each iteration of the project creates some value and includes feedback, which is used in the next iteration to increase the value of the project.
About a decade ago, I personally witnessed the handover of the simplest, cheapest, and most effective disaster recover plan ever.
Let me first give you a little background….
I worked for a great IT director, who moved to another company, much bigger, and brought me with him.
In the new company, he again was responsible for all IT, and he brought me along to manage security and disaster recovery.
If I named this company, at least 25% of you would recognize it, even those of you around the world–true story, too.
May is Audit Awareness Month, so if you want to host an event to promote audit at your organization, you’re short on time.
I wrote about this last year, and all the links on that post are still good, so see May = Audit Awareness Month for ideas.
Hey, I’m recycling last year’s post, so this must be a GREEN blog!
Lenny Zeltser suggest 5 steps that mid-market organizations can take down the security path:
- Identify key data flows
- Understand user interactions
- Examine the network perimeter
- Assess the servers and workstations
- Look at the applications