Security Basics mailing list archives

Re: Re: security not a big priority?

From: "Alexander Bolante" <alexander.bolante () gmail com>
Date: Mon, 19 Feb 2007 10:27:13 -0700

You shouldn't come up with a solution without first finding a problem.
See if doing a risk assessment or security risk analysis of some sort
is a viable option for your University.

You're right. Getting buy-in from Upper Management will always be an
uphill battle because they essentially care about one thing -- the
bottom line. The problem is they also shouldn't claim what they can't
technically prove. If Management can prove the University is safe from
any real threats, what evidence are they basing their claims on and
where are they getting their information?

Good luck! Cheers!
Alexander

On 2/19/07, Jax Lion <jv4l1n4 () gmail com> wrote:

You can make the business case - All it takes is one security breach
and <insert name> University will make the Headline news and Front
page!"

http://www.privacyrights.org/ar/ChronDataBreaches.htm

---
"We never had a security problem before"
"Security just slow us down"
"Who should I bill for the overhead cost?"
"This is the way, we've been doing it and it works!"
"I have IP tables that's a firewall!"
"I have antivirus, I'm secured"
"I need this site launched now, or we will lose money! I'll get the
security review later"
"What do you mean, I can't have admin rights - I can't do my job!"

Although, I'm in a different industry, trying to convince management
to invest in security is also a very slow process. But that's part of
the challenge being security professionals. The job is never easy, but
somebody has got to do it.




On 17 Feb 2007 06:50:55 -0000, Anonymous () msn com <Anonymous () msn com> wrote:
> I work for one of the biggest universities in the US and they barely care about security, so I think you may be in for an up hill 
battle. I've been trying for years without any luck, the same story comes back from managment over and over, "we never had any 
security problems so why should we invest money to prevent them" and thats a direct quote from more than one person in managment.
>



--
DISCLAIMER
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee you
should not disseminate, distribute or copy this e-mail. Please notify
the sender immediately by e-mail if you have received this e-mail by
mistake and delete this e-mail from your system.

Current thread:

Re[2]: security not a big priority?, (continued)
- - Re[2]: security not a big priority? Adam Pal (Feb 23)
- Re: Re: security not a big priority? Anonymous (Feb 15)
- Re: security not a big priority? Francois Yang (Feb 15)
  - Re: security not a big priority? crazy frog crazy frog (Feb 15)
- RE: security not a big priority? Nhon Yeung (Feb 15)
- RE: security not a big priority? Craig Wright (Feb 15)
- Re: security not a big priority? Henry Troup (Feb 15)
- Re: security not a big priority? saltynetguru (Feb 16)
- Re: Re: security not a big priority? Anonymous (Feb 19)
  - Re: Re: security not a big priority? Jax Lion (Feb 19)
    - Re: Re: security not a big priority? Alexander Bolante (Feb 20)
- Re: Re: security not a big priority? cwwoods (Feb 19)
- Re: security not a big priority? steve . dake (Feb 20)
- Re: Re: security not a big priority? mehtaharshal (Feb 21)
  - Re: Re: security not a big priority? Jason P. Rusch (Feb 23)
    - RE: Re: security not a big priority? David Gillett (Feb 26)