Security Basics mailing list archives
Re: InfoSec Importance
From: "Chris Dalton" <Chris.Dalton () capitalonebank com>
Date: Fri, 02 Jun 2006 14:57:58 -0500
Look at the ISACA website. Chris G. Dalton C.P.A. Corporate Audit Services Capital One Financial 1-504-533-6419 phone 1-504-533-2355 fax
"Nick Owen" <nickowen () mindspring com> 06/02/06 1:28 PM >>>
Mohamad Mneimneh wrote:
Hi List, I am trying to convince my management of the importance of having a security officer in the enterprise. I have googled the topic, but
not
much was found. I would really benefit from your suggestions on how
to
approach the management.
Mohamad: I think a financial & risk management approach is best. I recommend you look at the value of the assets that need protection and the risks of exposure of those assets. Google 'average loss expectancy', ALE or Annual ALE. It may be that your company is not big enough to justify a security officer. There is a book called "Managing Cybersecurity Resources: A Cost-Benefit Analysis" from Gordon and Loeb that is a pretty good start. http://www.amazon.com/gp/product/0071452850/104-1775726-5941529?v=glance&n=283155 Is your firm covered by a regulation that might warrant a security officer, such as (in the US), GLB, HIPAA, SarBox, etc? You might argue that your firm is 'required' to have such a position or you might get counsel to argue your case for you. HTH, Nick -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication https://www.linkedin.com/in/nickowen
Current thread:
- How can I track this down? Nick Duda (Jun 01)
- RE: How can I track this down? Roger A. Grimes (Jun 01)
- Re: How can I track this down? ilaiy (Jun 01)
- InfoSec Importance Mohamad Mneimneh (Jun 02)
- RE: InfoSec Importance Andrew Chong (Jun 02)
- RE: InfoSec Importance David Gillett (Jun 02)
- Re: InfoSec Importance Nick Owen (Jun 02)
- Re: InfoSec Importance Chris Dalton (Jun 05)
- Re: How can I track this down? ilaiy (Jun 01)
- RE: InfoSec Importance SS (Jun 02)
- Re: InfoSec Importance infosecadmin (Jun 05)
- RE: How can I track this down? Roger A. Grimes (Jun 01)
- RE: How can I track this down? Erin Carroll (Jun 09)
- <Possible follow-ups>
- RE: How can I track this down? Portz, Jon (Jun 01)
- Re: RE: How can I track this down? dlong (Jun 02)