Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: security not a big priority?

from [Nhon Yeung] Network Security [Permanent Link]
Subject: RE: security not a big priority?
Date: Fri, 16 Feb 2007 09:25:58 +1100 
Francois
I'm assuming the long list of things to do are security problems that you have 
found or enhancements you would like to put in. 
One way of approaching this is to, create a policy for the desired state, so 
that things don't occur rather than retro fit everything you got listed. Sure 
create that list but put it in a risk register and make sure your manager 
accepts the risk. That way he would think twice before passing it. It'll keep 
if you can quantify the risk from a business point of view as management would 
be more receptive to this than just technicals.
At least this way you can set guiding principals in which the network guys 
could work and prevent the same problems happening everytime.
Sick at it, and if something happens and you've captured it you'll be the one 
saying i told you so :)
Nhon

-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com]On Behalf Of Francois Yang
Sent: Thursday, 15 February 2007 8:33 AM
To: security-basics@securityfocus.com
Subject: security not a big priority?


So I have a problem and like to know what you guys think.
I'm a Security Analyst at an Education institute. A community college
to be more precise.
So I was brought on board to address security issues and work on
making this place a better place.  Now the problem is.
1. I'm in the network operation team.  no security group.
2. My boss doesn't seem to know much about security.
3. My boss doesn't seem to think highly of security since all my
projects seems to be of low priority.
4. I have a long list of things that needs to be done and they are all
waiting for the engineers to work on it. But again they have better
things to do.
So what am I suppose to do? look for another job? :)
anyone run into this problem before?
I'm at the point where I'm not sure what to do.


Thanks.


-- 
If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the technology.
Bruce Schneier

Any views expressed in this message are those of the individual sender, except 
where the sender specifically states them to be the views of Crane Group
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Discovering network topology, Nhon Yeung
Next by Date:  Re: security not a big priority?, Francois Yang
Previous by Thread:  Re: security not a big priority?, crazy frog crazy frog
Next by Thread:  Re: security not a big priority?, Henry Troup
Indexes:  [Date] [Thread] [Top] [All Lists]