Re: Mtgs with people outside of IT?

[Barbara Torney <bt42 () COLUMBIA EDU>]

Valdis Kletnieks <Valdis.Kletnieks () VT EDU> wrote:

> On Wed, 12 May 2010 09:15:06 MDT, "Raymond, Jessica" said:
>
> > in which to discuss IT security topics with people outside of IT.  I've
> > been doing this for a year now and find myself at a loss for what to
> > discuss in the meeting and how to make it beneficial and worthwhile for
> > those in attendance.  Do you hold these types of meetings, and if so,
> > what agenda items are discussed?
>
> Radical concept - make a list of the people/offices that should be attending
> (with particular emphasis on those that *don't* attend), contact them, and
> ask *them* what presentations would be most likely to get them involved. You'll
> probably get a lot of "I feel like an idiot, but I don't understand University
> Policy 193A-5", "Can somebody explain how to do XYZ right without hosing
> up our business practices?", or "I saw a thing online that somebody figured
> out that all our antivirus are useless, what's up with that?"(*).
>
> Hope that helps.
>
> (*) AV broken? http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
> Not really:
> F-Secure: http://www.f-secure.com/weblog/archives/00001949.html
> Trend: http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/
> Sophos: http://www.sophos.com/blogs/gc/g/2010/05/11/khobe-vulnerability-game-security-software/
> ESET: http://www.eset.com/blog/2010/05/11/khobe-wan-these-arent-the-droids-youre-looking-for
>
> There you go - instant in-the-news topic.  By the time you explain what
> a TOCTTOU race is, and then explain why it doesn't matter *that* much in this
> case because it depends on an already-compromised box, your time will be up. ;)