Security Basics mailing list archives

Re: How to create security awareness in top management


From: "Alexander Bolante" <alexander.bolante () gmail com>
Date: Tue, 3 Oct 2006 10:30:47 -0700

Is governance, legal and regulatory compliance a business driver for
Top Management? If so, you should consider including them in your
preso:

- SOX
- HIPAA
- Gramm Leach Bliley
- European Data Protection Directive
- etc.

Definitely mention factoids about information security like "it
remains a top 5 CIO issue" or pull some latest statistics from
Gartner, Forrester, etc.

Information security is a set of activities driven by business policy
that minimize the business costs (risk) of damage to information
assets in all forms. You may also want to talk more about activities
of secure information handling and provide relevant examples:

Authentication: I know who I am talking to.
Administration: I can set the rules.
Authorization: I can enforce the rules.
Availability: The system is there when I need it.
Asset Protection: I can prevent modification/disclosure in transit or
in storage.
Accountability: I know who did what and when.
Assurance/Auditability: The system is working the way I think it is,
and I can prove it.

The other elements suggested by the rest of this forum are a great
start for you. Good luck!

Cheers!
Alexander


On 10/2/06, William Woodhams <William.Woodhams () wegmans com> wrote:
Depending how much time you have you can show how insecure your company
is by showing real attacks and information that could be easily
acquired. Also possibly deface the "test" public site and bring it up
is another idea. This is just showing them that hey we are vulnerable.


Bill Woodhams
Systems Technician
Development Group-Technical Systems
(585)429-3183
William.Woodhams () wegmans com

Newcastle United signs Michael Owen...Enough Said!

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of itsec.info
Sent: Monday, October 02, 2006 1:02 PM
To: security-basics () securityfocus com
Subject: How to create security awareness in top management

Hi all

I have got a job to make top management aware that their company must
take care about information security (presentation and discussions).

I will not go into too much technical detail and I would like to start
with some good stories which show in an easy and understandable way
that information security is needed.

Does anybody have some information where I can take out some good ideas
to start with?

--
Any help is very much appreciated.
Regards,
Mike

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

