Re: Making the case for security policies and personnel

[Jim Wilcox <jim () WILCOXS NET>]

ROSI was the popular basis for a case in 2002. No matter what you do,
security is like insurance; you don't get anything new, you just get to
keep what you have. Hard to make that case. Case studies are good. The
penalties on executives that are included in Graham Leach Bliley and
HIPAA are good if that applies.

Good luck,

James Wilcox, CISSP
Director of Business Development
Cylant, Inc.
PO Box 19777
Portland, OR 97280-9777
503 799-8438
james () cylant com
www.cylant.com
CylantSecure, LinuxWorld "Best Security Solution"


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dorette Kerian
Sent: Friday, February 07, 2003 4:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Making the case for security policies and
personnel


And my apologies to everyone on the list for sending this message to the
entire list. AND YET, if anyone else has suggestions in approaches to
making the security case with administration, I'd sure like to hear
more. With regrets, and appreciation, Dorette
dorette.kerian () mail und nodak edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Attachment: Risks & Insurance Primer.doc
Description:

Attachment: Control the Keys to the Kingdom-ROSI.doc
Description:

Attachment: TCO-price_of_security.pdf
Description:

Attachment: Return on Security Spending.doc
Description: