Security Basics mailing list archives
RE: Senior management really concerns about security?
From: "Adewale, Akin (IT Services - Infosec Team)" <Akin.Adewale () capita co uk>
Date: Thu, 5 Jun 2008 23:45:21 +0100
Hi,

Create a risk register, highlight the risk and the likelihood and get them to accept the risk. If they do, then enter it in the register as an accepted risk, but always make sure they formally accept the risk, e.g. by email, and keep the record.

If you work in a medium-large enterprise, changes will always go through a change management process where someone has to assess the risk and a management person has to approve the change. In this case you can go one step further and enter the change reference number in your risk register (this can even be a spreadsheet).

With the above, if anything happens as fallout from the change, you can always produce hard evidence that they were informed and they accepted the risk.

Akin Adewale

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of acwang0048 () gmail com
Sent: 05 June 2008 10:36
To: security-basics () securityfocus com
Subject: Senior management really concerns about security?

Hi all,

Just want to ask whether you guys have encountered some unreasonable requests from your senior management (e.g. CEO) whereby you, as IT personnel, understand the potential security risks involved. But then, when you try to explain the security risks or consequences to them, they won't listen and just tell you they need this because of business function. In the end, you can't do anything but adhere to what they request. But then, this leads to so many exceptions created for senior management.

Well, this is what I am currently facing!!! Does anyone have a better way to deal with this?

Cheers,
Wang