Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How to create security awareness in top management

From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 12 Oct 2006 15:48:53 -0700
I would surmise that instead of focusing on technical 
statistics of incidents, look at the $$$ statistics, 
compliance penalties, lawsuit opportunities (like lost client 
info) and other elements that hit the bottom line of the 
business - in the end it might have a better chance of 
getting their attention.


  While there are individual exceptions, there are two universals in
getting upper management attention:

1.  $$$ to be gained or lost

2.  YOU could go to jail

  (It doesn't have to be "you will"; for >90%, "you could" is enough
to get their attention.  See Sarbanes-Oxley, etc.)

David Gillett



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: