Security Basics mailing list archives
Re: R: incident response - management approach
From: "Douglas K. Fischer" <fischerdk () purefm net>
Date: Tue, 22 Oct 2002 19:41:09 -0400
At 05:39 PM 10/21/2002, Alessandro Bottonelli wrote:
> ... Even incident response perhaps is partially a > top management activity? > Most definitevely YES! There are responses that are top management responsability (think of a major bank network under attack, only top management can be in the position to decide to "pull the plug off" ... ).
This can't be stressed enough, IMO. Incident response (and in fact security as a whole) requires endorsement and involvement to start at the very top of the food chain in an organization. It can't be an effort brought forth by the IT department, with management along for the ride (or worse yet, management resisting). Information Security is a core component of overall organizational security (physical, personnel, etc) and requires organizational risk assessment and decision-making.
FWIW, Doug ------------------------------------------------------------ This email, and any included attachments, have been checked by Norton AntiVirus Corporate Edition (Version 7.6), AVG Server Edition 6.0, and Merak Email Server Integrated Antivirus (Alwil Software's aVast! engine) and is certified Virus Free.
Current thread:
- incident response - management approach TeamSecure (Oct 21)
- R: incident response - management approach Alessandro Bottonelli (Oct 22)
- Re: R: incident response - management approach Douglas K. Fischer (Oct 24)
- Re: incident response - management approach Devdas Bhagat (Oct 22)
- R: incident response - management approach Alessandro Bottonelli (Oct 22)