Security Basics mailing list archives
RE: security not a big priority?
From: "Nhon Yeung" <Nhon.Yeung () cranegroup com au>
Date: Fri, 16 Feb 2007 09:25:58 +1100
Francois I'm assuming the long list of things to do are security problems that you have found or enhancements you would like to put in. One way of approaching this is to, create a policy for the desired state, so that things don't occur rather than retro fit everything you got listed. Sure create that list but put it in a risk register and make sure your manager accepts the risk. That way he would think twice before passing it. It'll keep if you can quantify the risk from a business point of view as management would be more receptive to this than just technicals. At least this way you can set guiding principals in which the network guys could work and prevent the same problems happening everytime. Sick at it, and if something happens and you've captured it you'll be the one saying i told you so :) Nhon -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of Francois Yang Sent: Thursday, 15 February 2007 8:33 AM To: security-basics () securityfocus com Subject: security not a big priority? So I have a problem and like to know what you guys think. I'm a Security Analyst at an Education institute. A community college to be more precise. So I was brought on board to address security issues and work on making this place a better place. Now the problem is. 1. I'm in the network operation team. no security group. 2. My boss doesn't seem to know much about security. 3. My boss doesn't seem to think highly of security since all my projects seems to be of low priority. 4. I have a long list of things that needs to be done and they are all waiting for the engineers to work on it. But again they have better things to do. So what am I suppose to do? look for another job? :) anyone run into this problem before? I'm at the point where I'm not sure what to do. Thanks. -- If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. Bruce Schneier Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Crane Group
Current thread:
- Re: security not a big priority?, (continued)
- Re: security not a big priority? Jason P. Rusch (Feb 16)
- RE: security not a big priority? David Gillett (Feb 16)
- Re: security not a big priority? Isaac Perez (Feb 16)
- Re: security not a big priority? Aman Raheja (Feb 19)
- Re: security not a big priority? Sandip Wadje-Infosec (Feb 19)
- RE: security not a big priority? Tony UcedaVĂ©lez (Feb 21)
- Re[2]: security not a big priority? Adam Pal (Feb 23)
- Re: Re: security not a big priority? Anonymous (Feb 15)
- Re: security not a big priority? Francois Yang (Feb 15)
- Re: security not a big priority? crazy frog crazy frog (Feb 15)
- RE: security not a big priority? Nhon Yeung (Feb 15)
- RE: security not a big priority? Craig Wright (Feb 15)
- Re: security not a big priority? Henry Troup (Feb 15)
- Re: security not a big priority? saltynetguru (Feb 16)
- Re: Re: security not a big priority? Anonymous (Feb 19)
- Re: Re: security not a big priority? Jax Lion (Feb 19)
- Re: Re: security not a big priority? Alexander Bolante (Feb 20)
- Re: Re: security not a big priority? Jax Lion (Feb 19)
- Re: Re: security not a big priority? cwwoods (Feb 19)
- Re: security not a big priority? steve . dake (Feb 20)
- Re: Re: security not a big priority? mehtaharshal (Feb 21)
- Re: Re: security not a big priority? Jason P. Rusch (Feb 23)
(Thread continues...)