mailing list archives
Re: Senior management really concerns about security?
From: "afam mbanefo" <afamm () willaf com>
Date: Fri, 6 Jun 2008 15:35:29 +0000
I will always send an email detailing the security issues and technical issue with any change and get a response from
This way you are covered in case of any disaster.
This email will be copied to the guys responsible for decision making in the company before you get into the
technicalities of change management and paperwork.
From: "Adewale, Akin (IT Services - Infosec Team)" <Akin.Adewale () capita co uk>
Date: Thu, 5 Jun 2008 23:45:21
To:<acwang0048 () gmail com>, <security-basics () securityfocus com>
Subject: RE: Senior management really concerns about security?
Create a risk register, highlight the risk and the likelihood and get
them to accept the risk, if they do then enter it in the register as
accepted risk, but always make sure they formally accept the risk, e.g.
by email and keep the record.
If you work in a medium - large enterprise, changes will always go
through change management process where someone has to assess the risk
and a management person has to approve the change, in this case you can
go one step further and enter the change reference number in your risk
register (this can even be a spreadsheet).
With the above, if anything happens as fallout from the change, you can
always produce hard evidence that they were informed and they accepted
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of acwang0048 () gmail com
Sent: 05 June 2008 10:36
To: security-basics () securityfocus com
Subject: Senior management really concerns about security?
Just want to ask whether you guys have encountered some unreasonable
requests from your senior management (e.g. ceo) whereby you as an IT
personnel understands the potential security risks involved. But then,
when you try to explain the security risks or consequence to them, they
won't listen and just tell you they need this because of business
At the end, you can't do anything but to adhere what they request. But
then, this leads to so many exceptions created for senior management.
Well, this is what I am currently facing!!!
Anyone has a better way to deal with this?
This email has been scanned for all viruses by the MessageLabs SkyScan
This email and any attachment are intended solely for the addressee, are strictly confidential and may be legally
privileged. If you are not the intended recipient any reading, dissemination, copying or any other use or reliance is
prohibited. If you have received this email in error please notify the sender immediately by email and then permanently
delete the email. Copyright reserved.
All communications, incoming and outgoing, may be recorded and are monitored for legitimate business purposes.
The security and reliability of email transmission cannot be guaranteed. It is the recipient’s responsibility to scan
this e-mail and any attachment for the presence of viruses.
The Capita Group plc and its subsidiaries (“Capita”) exclude all liability for any loss or damage whatsoever arising or
resulting from the receipt, use or transmission of this email.
Any views or opinions expressed in this email are those of the author only.
- RE: Senior management really concerns about security?, (continued)