Re: Business Case

[Miguel Dilaj <miguel.dilaj () oissg org>]

Christian_Moldes () hotmail com escribió:
> Some resources that may be useful are:
>
> THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI
> Cisco Press, ISBN : 1-58720-121-6 
>
>
> The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program, Second 
> Edition
> Butterworth Heinemann, ISBN: 0750676566
>
>
> Surviving Security: How to Integrate People, Process, and Technology, Second Edition
> Auerbach Publications, ISBN: 0849320429
>
>
> If I were you I will start with security awareness
> providing semi-daily security news regarding security incidents: breachs, defaced websites, hacked companies, etc. 
>
> I also will look for help in the upper management to be the project owner of the security initiatives. Having support 
> and enforcement from the upper management is critical. How do you get that, use security awareness.
>
> Best regards,
>
> Christian J. Moldes
> CISM, CISSP, CISA, MCSE:Security, CCNA, PCI QSA
> ISMS Lead Auditor (ISO 27001:2005)
>
>   

Also give every manager a copy of "Secrets & Lies" by Bruce Schneier,
ISBN 0-471-25311-1, see http://www.schneier.com/book-sandl.html
The problem is you can't be sure if they've read it ;-)
Regards,

Miguel