"And in the 7.8% of the traffic how many of our legitimate customers could
have been prevented from doing business with us?"
You know that question will be asked and you know you don't have a good
answer........
And if you don't know of a story that all execs will relate to and probably
call you on heres a true one..... I worked for a big financial services
company in the Bay Area whose CIO was British (like me). Sussex Country
Cricket Club was usually blocked by most web filters ;-)
_____
From: chuck@netserco.com [mailto:chuck@netserco.com]
Sent: Tuesday, April 04, 2006 1:21 PM
To: Crayola; security-management@securityfocus.com
Subject: Re: Reports for Exec Management
Show the IDS attacks number as a ratio of the normal traffic volume:
15% of the traffic was blocked as unacceptable for whatever reason, such as
viral or hacker attacks, etc.
or, 7.8% of the traffic was blocked, etc.
Chuck
----- Original Message -----
From: Crayola
To: security-management@securityfocus.com
Subject: Reports for Exec Management
Date: Mon, 03 Apr 2006 23:35:58 -0400
I need to begin putting together monthly reports for
executive management (CEO) that show the value that the Information
Security department is providing to the company. The execs know what we
do, my senior mgmt feels we need to broadcast the value Infosec provides.
I know a couple things about exec reports.. keep them short (one page),
never propose a need without an answer, and huge IDS numbers will scare
them needlessly. How can I show value without being alarmist? If I say that
we
successfully blocked over 1.5 million attacks last month they'll have a
heart attack.
What do ya'll provide to your execs? Its tough to show the value of what you
do when that value consists of potentially making something not happen
(security incident).
Thanks,
Mike
