Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Senior Management Buy-in (was Top Information Security Management Ch

from [John Nolan] Network Security [Permanent Link]
Subject: RE: Senior Management Buy-in (was Top Information Security Management Challenges in the Enterprise Today?)
Date: Fri, 11 Nov 2005 16:59:39 -0000 
Richard,

 

We specialize in the area of digital pornography eradication and ICT abuse
and we rarely see CFOs/ CEOs write or participate in the writing of policies
- it's usually delegated. They usually trust their IT/HR to take care of
this. 

 

Unbelievably few Fortune 500 firms audit for illicit images within their
network yet their officers have clear liabilities.the under-resourced IT
team meanwhile only rely on content filtering and desktop lockdowns to try
and limit the exposure, no surprise then that 9 out of 10 firms will have
large reservoirs of porn and some inadvertently archive child porn.

 

John    

 

  _____  

From: Richard.Sullivan@neupart.com [mailto:Richard.Sullivan@neupart.com] 
Sent: 11 November 2005 15:54
To: Cronican, John
Cc: john_blackley@dell.com; security-management@securityfocus.com
Subject: RE: Senior Management Buy-in (was Top Information Security
Management Challenges in the Enterprise Today?)

 


Another follow up question:  Were senior management intimately involved in
writing those policies? 

We often see IT departments dictating policies that executives are liable
for. It's interesting that CFOs and CEOs could potentially go to prison over
this, then delegate the entire task to people with nothing to lose. 


- Rich 







"Cronican, John" <JCronican@sempra.com> 

11/10/2005 12:19 PM 


To

<john_blackley@dell.com>, <security-management@securityfocus.com> 


cc

 


Subject

RE: Senior Management Buy-in (was Top Information Security Management
Challenges in the Enterprise Today?)

 


 

 




Hi all,
My Senior Management are very aware and understand the content of our
information security policies.
John

John G. Cronican, Jr. (BEE, MSSM, CISSP, IAM)
Sr. Infrastructure Technologist
iProtect Sempra Energy
Sempra Energy Corporate Center & Sempra Energy Utilities
10949 Technology Place
San Diego, CA  92127
(858) 613-5738 (Desk)
(619) 787-1906 (Cell)
(619) 978-2493 (Pager)

JCronican@sempra.com


-----Original Message-----
From: john_blackley@dell.com [mailto:john_blackley@dell.com] 
Sent: Tuesday, November 08, 2005 10:09 AM
To: security-management@securityfocus.com
Subject: Re: Senior Management Buy-in (was Top Information Security
Management Challenges in the Enterprise Today?)


Further to Brad's excellent post on gathering success stories, I'd like
to ask one favor (because it's an issue in which I have an interest):
When responding, can you give some indication of whether - or not - you
believe your senior management know and understand the content of their
information security policies?
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Senior Management Buy-in (was Top Information Security Management Challenges in the Enterprise Today?), Brad Bemis
Next by Date:  RE: Senior Management Buy-in (was Top Information Security Management Challenges in the Enterprise Today?), Brad Bemis
Previous by Thread:  Re: Senior Management Buy-in (was Top Information Security Management Challenges in the Enterprise Today?), Fred Cohen
Next by Thread:  RE: Top Information Security Management Challenges in the Enterprise Today?, Brad Bemis
Indexes:  [Date] [Thread] [Top] [All Lists]