Re: Senior management really concerns about security?

[Ed <security () kdtc net>]

acwang0048 () gmail com wrote:
> Hi all,
>
> Just want to ask whether you guys have encountered some unreasonable requests from your senior management (e.g. ceo) whereby you as an IT personnel understands the potential security risks involved. But then, when you try to explain the security risks or consequence to them, they won’t listen and just tell you they need this because of business function. 

Been there.  Done that.  While I have not made in the attempt
of documenting the risks, I have verbally communicated with
the senior management on certain security issues that could
potentially compromise the security of the internal network.

They thought I was too paranoid.  End result?  Went ahead
and did it.

Senior management *really* should contain at least ONE
security-conscious person, otherwise, it's like talking
to a brick wall.  You can't fight senior management.

Sad really.

Edmund