You are the first Information Security Manager in a company , what will be your top checklist items on the first days ?

As an IS Manager, my first priority will be definatilly to build a support and a work relationship with senior management. This will definatilly lead to succeed the IS management framework which includes: governance, policies, standards, procedures, and guidelines

Firstly one need to understand the current setup. Do a BIA if not done and suggest for any additional security measures if required in existing current infrastructure

to protect the interest of the employer and the building and work  with good governance  relationship with the management and the policies of emflementing the rules.

 

1. Understanding your team. Getting information of capabilities of each individual
2. Proper Understanding of Network Zone. understand the assets placed on DMZ zones.
3. Build a good relation with Senior Management, Network and System Operations and Local Desk Site Support. 

 

You need to know what you are up against and what are you protecting.

 

First and foremost, if Management isnt supportive and doesnt live to show they care for Information/IT Security themselves, Nothing will be deemed an "Achievement" for you and will be resisted.

Second, Discover your environment. There are signs to look for.

 

Old, predated hardware.

Prehistoric approaches to protecting information e.g. server passwords noted down on post-its on walls and rooms.

No logging and tracking of what is configured, how it is configured and who and when made the last changes? Untested and unapproved changes can form hidden disaster for the security guy any time.

Training and awareness.

 

Dont jump of buying tech or software right off from start, first do your homework and then find a suitable cheap/free alternative for your requirements.

Once you have your requirements straight, it will be far easier to develop a to-do list that works