Re: How to create security awareness in top management

[Steve Hillier <securityfocus () mastermindtoys com>]

The only trick there is to ensure that you can convince top management
that such attacks *are* possible without any prior knowledge of your
internal systems or elevated privileges.

A sceptic would say that, of course, you could obtain this information
because you already know how to get it and where it is located. You must
be careful to detail the attack process with this in mind.

sph



On 10/02/2006 3:50 p, William Woodhams wrote:
> Depending how much time you have you can show how insecure your company
> is by showing real attacks and information that could be Easley
> acquired.  Also possibly deface the "test" public site and bring it up
> is another idea. This is just showing them that hey we are vulnerable.
>
>
> Bill Woodhams
> Systems Technician
> Development Group-Technical Systems
> (585)429-3183
> William.Woodhams () wegmans com
>  
> Newcastle United signs Michael Owen...Enough Said!
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of itsec.info
> Sent: Monday, October 02, 2006 1:02 PM
> To: security-basics () securityfocus com
> Subject: How to create security awareness in top management
>
> Hi all
>
> I have got a job to make top management aware that their company must
> take care about information security (presentation and discussions).
>
> I will not go into too much technical details and I would like to start
> with some good stories which show in an easy and understandable way
> that information security is needed.
>
> Does anybody has some information where I can take out some good ideas
> to
> start with?
>
> --
> Any help is very much appreciated.
> Regards,
> Mike
>
> ------------------------------------------------------------------------
> ---
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic
> Excellence 
> in Information Security. Our program offers unparalleled Infosec
> management 
> education and the case study affords you unmatched consulting
> experience. 
> Using interactive e-Learning technology, you can earn this esteemed
> degree, 
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ------------------------------------------------------------------------
> ---
>
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence 
> in Information Security. Our program offers unparalleled Infosec management 
> education and the case study affords you unmatched consulting experience. 
> Using interactive e-Learning technology, you can earn this esteemed degree, 
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------