GSecur
One of the most common complaints I hear from IT pros concerns the lack of knowledge (OK, the ignorance) of company executives regarding information security. For many CEOs and high-level executives, security is at best barely understood and at worst completely misunderstood. Some execs tolerate security procedures and expenses, while others view them as a cost with no possible return.

Bridging this knowledge gap can be extremely difficult for any IT manager. After all, you usually can't get away with calling your CEO ignorant. And trying to explain security preparedness technically to your boss can go nowhere fast.

gman24
Ya, that's true, run into that a lot. Even when they call us because their network has been compromised, some of them still refuse to budge on certain issues (the situation makes most of them more receptive to changes though). Well, not exactly CEOs but the higher-ups that make the decisions, same situation though.

It's good that someone is doing something. Thanks for the article.
GSecur
np, we all have similar issues
w00dy
QUOTE
The situation makes most of them more receptive to changes though


I remember an old thread in this forum some time back where we were debating if staging/creating an attack was beneficial and whether the benefits outweighed the ethics of doing so. It was pretty interesting. I'll try to dig it up.
H4xorHunt3r
That would be an interesting read, w00dy. The thought of staging an attack on your own networks to prove a point, while appealing on some level, is only appealing in some sort of perverse way. I vaguely remember hearing someone at COMDEX talking about a return on investment guide to IT security, let me see if I kept a copy, or a link. Probably involves less possible cell time anyways.
Cheers
GSecur
If you are looking for the ROI on IT article you can find it in the security focus archives ;-)
H4xorHunt3r
Must have read my mind .. or googled it. Thanks mate ... I had completely forgotten to reply with the link.
h**p://www.securityfocus.com/infocus/1715
Cheers
Spookie
Some info I've found to be helpful is to develop separate reports to coincide with a PowerPoint for not only the CEO but for the CFO and the CIO as well.

Each Department head will have a big share of the responsibilities as the CEO will check with the CFO for the all important $$$ of big/small businesses and the CIO will be the one who will designate a point of contact for the window of testing and basically will be under review.

Some CIOs feel a bad report will be a resume-generating moment and that's a hard obstacle to overcome. But the ppt should be tailored for the CIO so the SysAdmins can see the benefit of the test, and by laying out the ground rules and target zone it will allow the SysAdmin and the CIO to develop the warm and fuzzy feeling of "They're here to help".

Just my 2 cents worth on the subject - hope it helps those who prep for the presentations.