Security Basics mailing list archives
Re: Business Case
From: Miguel Dilaj <miguel.dilaj () oissg org>
Date: Wed, 01 Aug 2007 14:51:19 -0300
Christian_Moldes () hotmail com wrote:
Some resources that may be useful are:

THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI
Cisco Press, ISBN: 1-58720-121-6

The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program, Second Edition
Butterworth Heinemann, ISBN: 0750676566

Surviving Security: How to Integrate People, Process, and Technology, Second Edition
Auerbach Publications, ISBN: 0849320429

If I were you I would start with security awareness, providing semi-daily security news regarding security incidents: breaches, defaced websites, hacked companies, etc.

I would also look for help in the upper management to be the project owner of the security initiatives. Having support and enforcement from the upper management is critical. How do you get that? Use security awareness.

Best regards,
Christian J. Moldes
CISM, CISSP, CISA, MCSE:Security, CCNA, PCI QSA
ISMS Lead Auditor (ISO 27001:2005)

Also give every manager a copy of "Secrets & Lies" by Bruce Schneier, ISBN 0-471-25311-1, see http://www.schneier.com/book-sandl.html

The problem is you can't be sure if they've read it ;-)

Regards,
Miguel