
Re: Create management interest?

Subject: Re: Create management interest?
Date: Fri, 13 Aug 2004 13:51:10 -0300
the_lonely star wrote:

Hi,

I'm trying to create interest in security at work. Everyone in the management team thinks that software security can be dealt with by ignoring the consequences. As a security professional, I'm totally against this and they asked me to convince them that a global security policy is the holy grail.

To my own surprise, I haven't found (yet!) any sites that would give me good pointers. We all know that security policies are needed but how do you convince a team who couldn't care less about them? For them, that kind of insurance is a waste of money and they'll just deal with them when it'll happen.

The SANS/FBI data don't really apply to us as we're not a big company. They view those stats as pointless. In fact, I humbly have to agree too on that part.

Has anyone had a similar real-life experience, and how did you manage to convince them that working on a security policy is "real work"?

The Lonely Star



It all depends on the type of company you work at. I think the strongest point to justify the implementation of security is to shore up your IT infrastructure, giving the whole process of information availability, accuracy, confidentiality.

Ask yourself these questions:

- Can your company work without all or some of the computer systems if those stop?

- How long could your company work without the systems (e-mail, main process, etc.)?

- Do you have a contingency plan?

- Do you have clear policies about ethical use of the PCs, laptops, servers, internet, e-mail, etc.? (What if some employee makes some type of threat to other people with the e-mail system?)

- Do you know that the possibility exists of some insider intercepting internal e-mails?

- Do you know that the possibility exists of a system administrator deleting all the records of the company with garbage?

- In case the building catches fire, where do you continue doing business and processing information?

Etc., etc.



Sorry for my English

--
Pablo A. C. Gietz
Head of Information Security
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351
Fax: 0343 - 4201329
