Usually the biggest impression on management is pointing the attention to
the dollars lost in an attack or a virus outbreak. Site recent security
issues to other companies that are your industry and their financial loss
and responsibility. I know that working in the financial sector, there are
plenty of laws (Sarbanes Oxley, the CA Mandate 1386) that hold the top
officers of the company responsible for security issues.
For top officials, it all boils down to the bottom line. Use the incidents
with other companies as leverage, and display how you and your proposed team
can mitigate the current risks with a reasonable amount of money.
Best of luck.
-----Original Message-----
From: the_lonely star [mailto:inploit@hotmail.com]
Sent: Thursday, August 12, 2004 2:44 PM
To: security-management@securityfocus.com
Subject: Create management interest?
Hi,
I'm trying to create interest in security at work. Everyone in the
management team thinks that software security can be dealt with by ignoring
the consequences. As a security professional, I'm totally against this and
they asked me to convince them that a global security policy is the holy
grail.
To my own surprise, I haven't found (yet!) any sites that would give me good
pointers. We all know that security policies are needed but how do you
convince a team who couldn't care less about them? For them, that kind of
insurance is a waste of money and they'll just deal with them when it'll
happen.
The sans/FBI data don't really apply to us as we're not a big company. They
view those stats as pointless. In fact, I humbly have to agree too on that
part.
Anyone had similar real life experience and how could you manage to convice
them that working on a security policy is "real work" ?
The Lonely Star
_________________________________________________________________
Powerful Parental Controls Let your child discover the best the Internet has
to offer.
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=htt
p://hotmail.com/enca&HL=Market_MSNIS_Taglines
Start enjoying all the benefits of MSN® Premium right now and get the
first two months FREE*.
IMPORTANT: The security of electronic mail sent through the Internet
is not guaranteed. Legg Mason therefore recommends that you do not
send confidential information to us via electronic mail, including social
security numbers, account numbers, and personal identification numbers.
Delivery, and timely delivery, of electronic mail is also not
guaranteed. Legg Mason therefore recommends that you do not send
time-sensitive
or action-oriented messages to us via electronic mail, including
authorization to "buy" or "sell" a security or instructions to conduct any
other financial transaction. Such requests, orders or instructions will
not be processed until Legg Mason can confirm your instructions or
obtain appropriate written documentation where necessary.
