Hosting Provided By

Re: Security Education in the Workplace

From: George Capehart <gwc(at)capehassoc.com>
Date: Sun Dec 01 2002 - 09:07:01 EST

"K. K. Mookhey" wrote:
>
> Youre absolutely right. Educations is always the key.

<snip>

I agree 100% with kkm's list and everything he said. However, I'd like to add a segment to his list: Boards of Directors, C-level corporate officers and corporate risk managers. It's been my experience that in organizations in which this segment knows and cares about security, the other segments are much farther along and it's much easier for them to get the training and support they need to fill in the gaps. In organizations in which this segment does not know or care about security, this is reflected in the other segments. Even if all of the others were well-intentioned and self-educated, it is very hard for them to function in a secure manner. If information security is not part of a corporation's IT governance process, support for the other three segments will be spotty and limited at best; nonexistent or resisted at worst.

My $0.02.

--
George W. Capehart

Capehart Associates LLC                         Phone:  +1 704.678.1660
1604 Nottingham Drive				Fax:	+1 704.853.2624
Gastonia, NC  28054

"We did a risk management review.  We concluded that there was no risk
 of any management."  -- Dilbert

Received on Mon Dec 2 00:45:49 2002

This message: [ Message body ]
Next message: John Viega: "Re: MD5 status"
Previous message: Stephane Nasdrovisky: "Re: Source code monitoring for a large development group"
In reply to: K. K. Mookhey: "Re: Security Education in the Workplace"
In reply to K. K. Mookhey: "Re: Security Education in the Workplace"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT