Reporting to Senior Management

[Kris.Kendrick () midfirst com]

All of us in this field understand that Information Security is viewed by
our superiors as alot of "needed" overhead.  But as security folks, we need
to be able to sell our product on a seemingly daily basis.  We struggle
showing any added value or ROI to information security unless something
"bad" happens to our networks.  I am currently tasked with reporting log
aggregation to senior management (information such as DAT file status for
our anti-virus software, security log review on various critical servers,
RAS access reviews etc).

Do any of you have any suggestion as to how to present this information to
senior management?  Are there any tools out there that would be useful to
report network security activity besides expensive solutions such as
Bindview and Pentasafe.

Thanks
Kris


---------------------------------------------------------------------------
----------------------------------------------------------------------------