Home page logo
/

basics logo Security Basics mailing list archives

Re: Business Case
From: Miguel Dilaj <miguel.dilaj () oissg org>
Date: Wed, 01 Aug 2007 14:51:19 -0300

Christian_Moldes () hotmail com escribió:
Some resources that may be useful are:

THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI
Cisco Press, ISBN : 1-58720-121-6 


The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program, Second 
Edition
Butterworth Heinemann, ISBN: 0750676566


Surviving Security: How to Integrate People, Process, and Technology, Second Edition
Auerbach Publications, ISBN: 0849320429


If I were you I will start with security awareness
providing semi-daily security news regarding security incidents: breachs, defaced websites, hacked companies, etc. 

I also will look for help in the upper management to be the project owner of the security initiatives. Having support 
and enforcement from the upper management is critical. How do you get that, use security awareness.

Best regards,

Christian J. Moldes
CISM, CISSP, CISA, MCSE:Security, CCNA, PCI QSA
ISMS Lead Auditor (ISO 27001:2005)

  

Also give every manager a copy of "Secrets & Lies" by Bruce Schneier,
ISBN 0-471-25311-1, see http://www.schneier.com/book-sandl.html
The problem is you can't be sure if they've read it ;-)
Regards,

Miguel



  By Date           By Thread  

Current thread:
  • Re: Business Case Christian_Moldes (Aug 01)
    • Re: Business Case Miguel Dilaj (Aug 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault