Re: success stories

[Brenda B Gombosky <brenda.gombosky () LOUISVILLE EDU>]

Kathy I regularly send out breach reports to senior management and even though I am a member of senior management - I 
use these to get my points across and it is quite effective.  I was able to procure funding for whole disk encryption 
just recently.  I say, bombard them with information. There are several sites but this one deals with Educational 
Security Incidents - http://www.adamdodge.com/esi/ 
 
Brenda B. Gombosky, CISSP, CISM, CHSP
Director, Enterprise Security  
Information Technology
University of Louisville
Miller IT Center, Room 109
Louisville, KY 40292
(502)852-5037
(502)419-6689



> > > Kathy Bergsma <kbergsma () UFL EDU> 11/19/2008 2:21 PM >>>
I'm interested in hearing about your success stories engaging senior
management support for security initiatives.  What methods worked at your 
institution?  I've suggested some methods below.  Let me know which ones have 
worked for you and identify others ideas not listed.

Fear, uncertainty and doubt
Metaphors and analogies
Comparison with peer institutions
Financial benefits such as ROI (return on investment)
Leverage an incident
Metrics
Working behind the scenes
Ask forgiveness rather than permission
Little by little baby steps
Relationship building with key players?  Who are the key players
Other ideas

-- 
Kathy Bergsma
UF Information Security Manager
352-392-2061