Security Basics mailing list archives
Re: How to create security awareness in top management
From: David Jacoby <security () outpost24 com>
Date: Sat, 07 Oct 2006 02:41:44 +0200
Hi!

I do agree with what William Woodhams wrote. It is a good idea to show them real attacks, but you also need to change focus in your presentation and not talk about technical information, how overflows work and how easy it is to exploit a SQL injection. What you really need to focus on is to inform your management about how these vulnerabilities affect your organization. If someone successfully exploits any present vulnerability, how does that affect your organization?

May the attacker steal sensitive information?
May the attacker obtain administrative/root privileges? (And how does that affect you?)
May the attacker inject its own code into your web applications?
May the attacker modify content?
May the attacker invade your integrity?
May the attacker affect your availability?

What you should read more about is the C.I.A. (Confidentiality, Integrity, Availability). There are tons of websites and books discussing this; this is how you can easily measure the impact of vulnerabilities.

I hope this makes sense.

Best regards,
David Jacoby

itsec.info wrote:
Hi all

I have got a job to make top management aware that their company must take care about information security (presentation and discussions). I will not go into too much technical detail and I would like to start with some good stories which show in an easy and understandable way that information security is needed. Does anybody have some information where I can take out some good ideas to start with?

--
Any help is very much appreciated.

Regards,
Mike

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
--
David Jacoby
Vice President Customer Experience
http://www.outpost24.com

phone: +46-(0)455-612311
fax : +46-(0)455-13960
email: dj () outpost24 com

This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the end.