Re: Re: security not a big priority?

["Jax Lion" <jv4l1n4 () gmail com>]

You can make the business case - All it takes is one security breach
and <insert name> University will make the Headline news and Front
page!"

http://www.privacyrights.org/ar/ChronDataBreaches.htm

---
"We never had a security problem before"
"Security just slow us down"
"Who should I bill for the overhead cost?"
"This is the way, we've been doing it and it works!"
"I have IP tables that's a firewall!"
"I have antivirus, I'm secured"
"I need this site launched now, or we will lose money! I'll get the
security review later"
"What do you mean, I can't have admin rights - I can't do my job!"

Although, I'm in a different industry, trying to convince management
to invest in security is also a very slow process. But that's part of
the challenge being security professionals. The job is never easy, but
somebody has got to do it.




On 17 Feb 2007 06:50:55 -0000, Anonymous () msn com <Anonymous () msn com> wrote:
> I work for one of the biggest universities in the US and they barely care about security, so I think you may be in for an up hill 
> battle. I've been trying for years without any luck, the same story comes back from managment over and over, "we never had 
> any security problems so why should we invest money to prevent them" and thats a direct quote from more than one person in 
> managment.