Security Basics mailing list archives
Re: Senior management really concerns about security?
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Thu, 5 Jun 2008 08:45:18 -0700
You have basically three options: 1) Find a better company to work for. 2) Do what they ask, without question, and hope for the best. This course is likely to lead, sooner rather than later, to the first option, because either the company will fold, or you will be blamed for the security breach. 3) Document your concerns - write an email or whitepaper outlining your concerns, with as many specifics as you can, including a representation that the document and the tasks under consideration should be approved by the company's legal staff. Present it for the responsible manager's signature, with the acknowledgment that you will implement it if signed, and include a clause that you are not to be held responsible if a breach of security happens, if the order has been executed with due care. If management is truly stupid, this course is quite likely to lead, sooner rather than later, and perhaps involuntarily, to the first option. If management is smart, and you do a good job of presenting your concerns, you will have benefited both yourself and the company. Of course, you had better be correct that what they are asking for is worth this level of concern, because if it is not, then option 1 is again most likely to be your path, and again it will most likely be involuntary. Kurt On Thu, Jun 5, 2008 at 2:36 AM, <acwang0048 () gmail com> wrote:
Hi all, Just want to ask whether you guys have encountered some unreasonable requests from your senior management (e.g. ceo) whereby you as an IT personnel understands the potential security risks involved. But then, when you try to explain the security risks or consequence to them, they won't listen and just tell you they need this because of business function. At the end, you can't do anything but to adhere what they request. But then, this leads to so many exceptions created for senior management. Well, this is what I am currently facing!!! Anyone has a better way to deal with this? Cheers, Wang
Current thread:
- Senior management really concerns about security? acwang0048 (Jun 05)
- RE: Senior management really concerns about security? CISO (Jun 05)
- Re: Senior management really concerns about security? Adriel Desautels (Jun 05)
- Re: Senior management really concerns about security? romain (Jun 05)
- Re: Senior management really concerns about security? Kurt Buff (Jun 05)
- RE: Senior management really concerns about security? Sinha, Amitabh (Amit) (Jun 05)
- Re: Senior management really concerns about security? Kola Salami (Jun 05)
- Re: Senior management really concerns about security? Shawn A. Corrello (Jun 05)
- Re: Senior management really concerns about security? Adriel Desautels (Jun 05)
- RE: Senior management really concerns about security? Daniel I. Didier (Jun 05)
- RE: Senior management really concerns about security? Adewale, Akin (IT Services - Infosec Team) (Jun 06)
- Re: Senior management really concerns about security? afam mbanefo (Jun 06)
- Re: Senior management really concerns about security? Anjar Priandoyo (Jun 13)
- RE: Senior management really concerns about security? CISO (Jun 05)