Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: success stories

From: Steve Brukbacher <sab2 () UWM EDU>
Date: Wed, 19 Nov 2008 13:31:24 -0600
Performing a risk assessment helps us out.  If you can get them to commit a few hours of staff time to an RA then you 
can provide some assurance that whatever steps you recommend are well reasoned and show a risk-based strategy for 
identifying solving security problems.  This helps me to avoid the impression that an initiative is just the security 
people being paranoid.

--
Steve Brukbacher
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224
Main Office: 414.229.1100


----- Original Message -----
From: "Kathy Bergsma" <kbergsma () UFL EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Wednesday, November 19, 2008 1:21:53 PM GMT -06:00 US/Canada Central
Subject: [SECURITY] success stories

I'm interested in hearing about your success stories engaging senior
management support for security initiatives.  What methods worked at your
institution?  I've suggested some methods below.  Let me know which ones have
worked for you and identify others ideas not listed.

Fear, uncertainty and doubt
Metaphors and analogies
Comparison with peer institutions
Financial benefits such as ROI (return on investment)
Leverage an incident
Metrics
Working behind the scenes
Ask forgiveness rather than permission
Little by little baby steps
Relationship building with key players?  Who are the key players
Other ideas

--
Kathy Bergsma
UF Information Security Manager
352-392-2061
Previous By Date Next
Previous By Thread Next

Current thread: