Subject: RE: Senior Management Buy-in (was Top Information Security Management Challenges in the Enterprise Today?)
Date: Sun, 23 Oct 2005 15:45:01 +0930
Brad, 

The biggest issue in getting the message to top management for technology
personnel is making the message short, sharp, relevant to that business, and
focused.  Technology personnel "need to think more about the audience" and
change the way they present items. Most managers do not necessarily
understand the techno-speak offered in many cases.

It's no good presenting a 50-page paper or a 35-page PowerPoint slide show
to a CEO when all he/she wants is a summary, impact and a bottom line and
what tradeoffs were/had been considered.

The CEO expectation of a technology professional would be to bring a concise
summation that "sells the business case" in a manner that a decision can be
made for or against the activity. Sounds brutal but that's how CEOs think.

Hence any large papers stating the business case need to be encapsulated in
a 2-page maximum overview, recommendation and bottom-line cost.

We have been doing this for years with software compliance issues (a similar
vein to security focus issues) and ended up focusing on a series of 2-page
articles for the top management layers, as demonstrated at our pages listed
at http://www.pcprofile.com/SCT_Intranet.htm. We found the short and
sharper focused items got the key messages through, as listed at
http://www.pcprofile.com/Risks%20of%20being%20caught%20with%20illegal%20software.pdf


Regards

Rob Harmer

______________________________________________

PCProfile   http://www.pcprofile.com
e-mail pcprofile@internode.on.net
Mobile Phone +61 (0) 418 817 955 (only after 6pm due to security
restrictions)
Fax +61 8 8265 1961
______________________________________________


-----Original Message-----
From: Brad Bemis [mailto:bradleyb@bradleyb.net] 
Sent: Sunday, 23 October 2005 2:46 PM
To: security-management@securityfocus.com
Subject: Senior Management Buy-in (was Top Information Security Management
Challenges in the Enterprise Today?)

Thank you all for your responses to the question of top challenges
today.

One key theme that I saw across many of the responses was the
challenge of getting senior management to buy in to security.  This
makes it especially challenging for security professionals since it
is commonly agreed upon that the 'tone from the top' is a key success
factor in our efforts to protect our respective organizations. 
Sadly, this has been an issue for quite some time.  

I am interested in any success stories and/or specific things that
have or have not worked in trying to help educate senior management
on the business imperative that security now represents.  What kind
of approach did you use and what kind of steps did you take?  If you
are buried within the bureaucracy of your organization how did you
escalate security within your company and gain access to your
executive management team?  What are some of the lessons learned in
trying to set the 'tone at the top' and driving the incorporation of
security into the culture of the organization?  Are you aware of any
articles or best practice guides that are useful in this area?  

Please be sure to share your responses with the other members of this
list...       


Thank you,

Brad Bemis
(Moderator)
