Security Basics mailing list archives

Re: Re: security not a big priority?
From: "Alexander Bolante" <alexander.bolante () gmail com>
Date: Mon, 19 Feb 2007 10:27:13 -0700

You shouldn't come up with a solution without first finding a problem.
See if doing a risk assessment or security risk analysis of some sort
is a viable option for your University.

You're right. Getting buy-in from Upper Management will always be an
uphill battle because they essentially care about one thing -- the
bottom line. The problem is they also shouldn't claim what they can't
technically prove. If Management can prove the University is safe from
any real threats, what evidence are they basing their claims on and
where are they getting their information?

Good luck! Cheers!

On 2/19/07, Jax Lion <jv4l1n4 () gmail com> wrote:
You can make the business case - All it takes is one security breach
and <insert name> University will make the Headline news and Front


"We never had a security problem before"
"Security just slow us down"
"Who should I bill for the overhead cost?"
"This is the way, we've been doing it and it works!"
"I have IP tables that's a firewall!"
"I have antivirus, I'm secured"
"I need this site launched now, or we will lose money! I'll get the
security review later"
"What do you mean, I can't have admin rights - I can't do my job!"

Although, I'm in a different industry, trying to convince management
to invest in security is also a very slow process. But that's part of
the challenge of being security professionals. The job is never easy, but
somebody has got to do it.

On 17 Feb 2007 06:50:55 -0000, Anonymous () msn com <Anonymous () msn com> wrote:
> I work for one of the biggest universities in the US and they barely care about security, so I think you may be in for an uphill
> battle. I've been trying for years without any luck, the same story comes back from management over and over, "we never had any
> security problems so why should we invest money to prevent them" and that's a direct quote from more than one person in management.
