Security Basics mailing list archives
Re: Mangement security report
From: "Adam Pal" <pal_adam () gmx net>
Date: Thu, 13 Mar 2008 16:33:37 +0100
Hi Patrick I suggest, you move away from the point of view of a security report to the point of view of the management, like "what would be the management interested in?" If your german skills are ok, you can try to have a look at BSI Grundschutz, otherwise having a quick-view at Cobit can help you to find an answer too. Basicaly, i would say it should include business-relevant facts since imho. management is not intrested in how good the firewall works and how much spam has been filtered, but in an approach to costs, like working costs for filtering spam manualy vs. saved costs by filtering N spam-mails by the new system, costs needed to repair intrusion damage vs. saved costs by blocking N illegal access attempts. For 2nd, 3rd and next reports you could also include trends, from last reports up to now, dont forget management loves charts :) Just take it as a draft. regards Adam Pal -------- Original-Nachricht --------
Datum: Thu, 13 Mar 2008 11:05:58 -0400 Von: Patrick A Hendrick <phendrick () gmail com> An: security-basics () securityfocus com Betreff: Mangement security report
I know this has come across this list before, but I would appreciate any feedback. I want to begin giving either monthly or quarterly security reports to management. I'm curious if there are standards for these types of reports, such as what should be included. I'm afraid that I would get too detailed. What items do you recommend being in a management security report?
-- Psst! Geheimtipp: Online Games kostenlos spielen bei den GMX Free Games! http://games.entertainment.gmx.net/de/entertainment/games/free
Current thread:
- Mangement security report Patrick A Hendrick (Mar 13)
- Re: Mangement security report Adam Pal (Mar 13)
- Re: Mangement security report Pierre Cadieux (Mar 13)
- <Possible follow-ups>
- Re: Mangement security report krymson (Mar 14)