You can use the legal issues in decisions taken due to information
security incidents (not just IT, remember) as an argument too.
I mean, when a company punishes (or fires) an employee because any kind
of IS incidents, the company must be prepared the allegation about the
process that generated the sanction.
Here is when the IS policies can be used to show that there were clear
rules about the allowed and the unacceptable personnel behavior and that
the sanction was just a "natural" consequence for employee's actions.
This can avoid a lot of litigation efforts and, of course, limit the
impact for the company itself (and this would must be interesting to
management).
-----Original Message-----
From: the_lonely star [mailto:inploit@hotmail.com]
Sent: Jueves, 12 de Agosto de 2004 01:44 p.m.
To: security-management@securityfocus.com
Subject: Create management interest?
Hi,
I'm trying to create interest in security at work. Everyone in the
management team thinks that software security can be dealt with by
ignoring the consequences. As a security professional, I'm totally
against this and they asked me to convince them that a global security
policy is the holy grail.
To my own surprise, I haven't found (yet!) any sites that would give me
good pointers. We all know that security policies are needed but how do
you convince a team who couldn't care less about them? For them, that
kind of insurance is a waste of money and they'll just deal with them
when it'll happen.
The sans/FBI data don't really apply to us as we're not a big company.
They view those stats as pointless. In fact, I humbly have to agree too
on that part.
Anyone had similar real life experience and how could you manage to
convice them that working on a security policy is "real work" ?
The Lonely Star
_________________________________________________________________
Powerful Parental Controls Let your child discover the best the Internet
has to offer.
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU
=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
Start enjoying all the benefits of MSN(r) Premium right now and get
the first two months FREE*.
**********************************************************************
The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to
this email by anyone else is unauthorized.
If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in
reliance on it, is prohibited and may be unlawful.
Any opinions or advice contained in this email are subject to
the terms and conditions expressed in the governing KPMG
client engagement letter.
**********************************************************************
