Security Basics: Re: InfoSec Importance

Re: InfoSec Importance

From: Nick Owen <nickowen_at_mindspring.com>
Date: Fri, 02 Jun 2006 14:28:22 -0400

Mohamad Mneimneh wrote:
> Hi List,
>
> I am trying to convince my management of the importance of having a
> security officer in the enterprise. I have googled the topic, but not
> much was found. I would really benefit from your suggestions on how to
> approach the management.

Mohamad:

I think a financial & risk management approach is best. I recommend you
look at the value of the assets that need protection and the risks of
exposure of those assets. Google 'average loss expectancy', ALE or
Annual ALE. It may be that your company is not big enough to justify a
security officer.

There is a book called "Managing Cybersecurity Resources: A Cost-Benefit
Analysis" from Gordon and Loeb that is a pretty good start.
http://www.amazon.com/gp/product/0071452850/104-1775726-5941529?v=glance&n=283155

Is your firm covered by a regulation that might warrant a security
officer, such as (in the US), GLB, HIPAA, SarBox, etc? You might argue
that your firm is 'required' to have such a position or you might get
counsel to argue your case for you.

HTH,

Nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
Received on Jun 02 2006