Educause Security Discussion mailing list archives

Re: success stories

From: Colleen Hurd <CHURD () VERMONTLAW EDU>
Date: Fri, 21 Nov 2008 11:09:58 -0500

Hi Kathy,
 
The I3P (Institute for Information Infrastructure Protection) has a project called Business Rationale for Cyber 
Security - some of the links on this page may be of use to you: 
 
http://www.thei3p.org/publications/busirat_publications.html 
 
Best,
 
Colleen Hurd
Network/Help Desk Technician
Vermont Law School
802-831-1354

Kathy Bergsma <kbergsma () UFL EDU> 11/19/2008 2:21 PM >>>

I'm interested in hearing about your success stories engaging senior
management support for security initiatives.  What methods worked at your 
institution?  I've suggested some methods below.  Let me know which ones have 
worked for you and identify others ideas not listed.

Fear, uncertainty and doubt
Metaphors and analogies
Comparison with peer institutions
Financial benefits such as ROI (return on investment)
Leverage an incident
Metrics
Working behind the scenes
Ask forgiveness rather than permission
Little by little baby steps
Relationship building with key players?  Who are the key players
Other ideas

-- 
Kathy Bergsma
UF Information Security Manager
352-392-2061

Current thread:

Re: success stories, (continued)
- Re: success stories Steve Brukbacher (Nov 19)
- Re: success stories Emilio Valente (Nov 19)
- Re: success stories Allison Dolan (Nov 19)
- Re: success stories Brenda B Gombosky (Nov 19)
- Re: success stories Bob Bayn (Nov 19)
- Re: success stories Lazor, Joseph (Nov 20)
- Re: success stories Doug Markiewicz (Nov 20)
- Re: success stories Steve Schuster (Nov 20)
- Re: success stories Suresh Balakrishnan (Nov 20)
- Re: success stories Brian T Nichols (Nov 20)
- Re: success stories Colleen Hurd (Nov 21)