Security Basics mailing list archives
Re: security not a big priority?
From: secbasics () dusty ece cmu edu
Date: Thu, 15 Feb 2007 17:44:33 -0500
On Thu, Feb 15, 2007 at 10:43:46AM -0600, Francois Yang wrote:
> This is a community college, so I've sent an e-mail to my boss every time there was news about a school being hacked and in every e-mail I've added comments on how they could have prevented being compromised. I even wrote a long letter describing why we need such things as IDS and what could happen if we don't have one. I also included a long list of schools that were hacked into in 2006. Apparently that doesn't seem to be effective.

It's very simple, Francois. You need to build a business case for why your security changes are important. You need to show ROI. You need to show in concrete business terms the amount that your school stands to lose in the event of a breach. You need to justify the probability of compromise without the IDS and you need to justify the probability of compromise with the IDS (hint: they're the same, it's not an IPS unless that's what you meant) and then you need to show the amount of damage that can be done without notification and with.

You can't expect your boss to automatically assume security is important if you can't show in concrete (or even estimated) business terms how it stacks up against these other competing projects.

Hope that helps

Aaron