Home page logo

educause logo Educause Security Discussion mailing list archives

Re: success stories
From: Steve Brukbacher <sab2 () UWM EDU>
Date: Wed, 19 Nov 2008 13:31:24 -0600

Performing a risk assessment helps us out.  If you can get them to commit a few hours of staff time to an RA then you 
can provide some assurance that whatever steps you recommend are well reasoned and show a risk-based strategy for 
identifying solving security problems.  This helps me to avoid the impression that an initiative is just the security 
people being paranoid.

Steve Brukbacher
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
Phone: 414.229.2224
Main Office: 414.229.1100

----- Original Message -----
From: "Kathy Bergsma" <kbergsma () UFL EDU>
Sent: Wednesday, November 19, 2008 1:21:53 PM GMT -06:00 US/Canada Central
Subject: [SECURITY] success stories

I'm interested in hearing about your success stories engaging senior
management support for security initiatives.  What methods worked at your
institution?  I've suggested some methods below.  Let me know which ones have
worked for you and identify others ideas not listed.

Fear, uncertainty and doubt
Metaphors and analogies
Comparison with peer institutions
Financial benefits such as ROI (return on investment)
Leverage an incident
Working behind the scenes
Ask forgiveness rather than permission
Little by little baby steps
Relationship building with key players?  Who are the key players
Other ideas

Kathy Bergsma
UF Information Security Manager

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]