Security Basics mailing list archives

Re: InfoSec Importance


From: "Chris Dalton" <Chris.Dalton () capitalonebank com>
Date: Fri, 02 Jun 2006 14:57:58 -0500

Look at the ISACA website.

Chris G. Dalton C.P.A.
Corporate Audit Services
Capital One Financial
1-504-533-6419 phone
1-504-533-2355 fax

"Nick Owen" <nickowen () mindspring com> 06/02/06 1:28 PM >>>
Mohamad Mneimneh wrote:
Hi List,

I am trying to convince my management of the importance of having a
security officer in the enterprise. I have googled the topic, but not
much was found. I would really benefit from your suggestions on how to
approach the management.

Mohamad:

I think a financial & risk management approach is best. I recommend you
look at the value of the assets that need protection and the risks of
exposure of those assets. Google 'average loss expectancy', ALE or
Annual ALE. It may be that your company is not big enough to justify a
security officer.

There is a book called "Managing Cybersecurity Resources: A Cost-Benefit
Analysis" from Gordon and Loeb that is a pretty good start.
http://www.amazon.com/gp/product/0071452850/104-1775726-5941529?v=glance&n=283155


Is your firm covered by a regulation that might warrant a security
officer, such as (in the US), GLB, HIPAA, SarBox, etc? You might argue
that your firm is 'required' to have such a position or you might get
counsel to argue your case for you.

HTH,

Nick


-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com 
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen 


