Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Create management interest?

from [Newcomb, Kelly] Network Security [Permanent Link]
Subject: RE: Create management interest?
Date: Fri, 13 Aug 2004 10:33:01 -0500 
If you can, start with the low-hanging fruit. Was your company affected
recently (or in the past) by the e-mail viruses/worms? What kind of
effort and time did it take to recover, and was the business on hold
during that recovery period? Translate that to dollars and compare it
with the cost of controls (anti-virus, attachment blocking, policy,
awareness, etc.). That could open the door to educating them about the
other bad stuff out there.

Good luck,
Kelly
--
Kelly Newcomb, CISSP
Information Security Officer
Texas Guaranteed - The Guarantor of Choice
Voice: 512-219-4697
Email: kelly.newcomb@tgslc.org
"Discipline is doing something you don't want to do when you don't want
to do it, in order to do something you want to do when you want to do
it."

-----Original Message-----
From: the_lonely star [mailto:inploit@hotmail.com] 
Sent: Thursday, August 12, 2004 1:44 PM
To: security-management@securityfocus.com
Subject: Create management interest?

Hi,

I'm trying to create interest in security at work. Everyone in the 
management team thinks that software security can be dealt with by
ignoring 
the consequences. As a security professional, I'm totally against this
and 
they asked me to convince them that a global security policy is the holy

grail.

To my own surprise, I haven't found (yet!) any sites that would give me
good 
pointers. We all know that security policies are needed but how do you 
convince a team who couldn't care less about them? For them, that kind
of 
insurance is a waste of money and they'll just deal with them when it'll

happen.

The sans/FBI data don't really apply to us as we're not a big company.
They 
view those stats as pointless. In fact, I humbly have to agree too on
that 
part.

Anyone had similar real life experience and how could you manage to
convice 
them that working on a security policy is "real work" ?

The Lonely Star

_________________________________________________________________
Powerful Parental Controls Let your child discover the best the Internet
has 
to offer.  
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU
=http://hotmail.com/enca&HL=Market_MSNIS_Taglines 
  Start enjoying all the benefits of MSN(r) Premium right now and get
the 
first two months FREE*.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Create management interest?, Richard . Sullivan
Next by Date:  Re: Create management interest?, Subscriber
Previous by Thread:  RE: Create management interest?, Britton, Jeff B.
Next by Thread:  Re: Create management interest?, jwtjudd
Indexes:  [Date] [Thread] [Top] [All Lists]