Security Basics mailing list archives
Re: Re: security not a big priority?
From: "Alexander Bolante" <alexander.bolante () gmail com>
Date: Mon, 19 Feb 2007 10:27:13 -0700
You shouldn't come up with a solution without first finding a problem. See if doing a risk assessment or security risk analysis of some sort is a viable option for your University. You're right. Getting buy-in from Upper Management will always be an uphill battle because they essentially care about one thing -- the bottom line. The problem is they also shouldn't claim what they can't technically prove. If Management can prove the University is safe from any real threats, what evidence are they basing their claims on and where are they getting their information? Good luck! Cheers! Alexander On 2/19/07, Jax Lion <jv4l1n4 () gmail com> wrote:
You can make the business case - All it takes is one security breach and <insert name> University will make the Headline news and Front page!" http://www.privacyrights.org/ar/ChronDataBreaches.htm --- "We never had a security problem before" "Security just slow us down" "Who should I bill for the overhead cost?" "This is the way, we've been doing it and it works!" "I have IP tables that's a firewall!" "I have antivirus, I'm secured" "I need this site launched now, or we will lose money! I'll get the security review later" "What do you mean, I can't have admin rights - I can't do my job!" Although, I'm in a different industry, trying to convince management to invest in security is also a very slow process. But that's part of the challenge being security professionals. The job is never easy, but somebody has got to do it. On 17 Feb 2007 06:50:55 -0000, Anonymous () msn com <Anonymous () msn com> wrote: > I work for one of the biggest universities in the US and they barely care about security, so I think you may be in for an up hill battle. I've been trying for years without any luck, the same story comes back from managment over and over, "we never had any security problems so why should we invest money to prevent them" and thats a direct quote from more than one person in managment. >
-- DISCLAIMER This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
Current thread:
- Re[2]: security not a big priority?, (continued)
- Re[2]: security not a big priority? Adam Pal (Feb 23)
- Re: Re: security not a big priority? Anonymous (Feb 15)
- Re: security not a big priority? Francois Yang (Feb 15)
- Re: security not a big priority? crazy frog crazy frog (Feb 15)
- RE: security not a big priority? Nhon Yeung (Feb 15)
- RE: security not a big priority? Craig Wright (Feb 15)
- Re: security not a big priority? Henry Troup (Feb 15)
- Re: security not a big priority? saltynetguru (Feb 16)
- Re: Re: security not a big priority? Anonymous (Feb 19)
- Re: Re: security not a big priority? Jax Lion (Feb 19)
- Re: Re: security not a big priority? Alexander Bolante (Feb 20)
- Re: Re: security not a big priority? Jax Lion (Feb 19)
- Re: Re: security not a big priority? cwwoods (Feb 19)
- Re: security not a big priority? steve . dake (Feb 20)
- Re: Re: security not a big priority? mehtaharshal (Feb 21)
- Re: Re: security not a big priority? Jason P. Rusch (Feb 23)
- RE: Re: security not a big priority? David Gillett (Feb 26)
- Re: Re: security not a big priority? Jason P. Rusch (Feb 23)