|
|
SLAC Computer Security | ||
| SLAC Home | Computing Home | Computing Outages | Help | |||
Cyber Security Awareness Month
These tips are part of a month long effort to distribute useful computer security information to the SLAC community.
- Day 3 - Getting the Boss Involved
Some interesting suggestions from the SANS community about how to get our bosses to listen when we say we need increased cyber tools, training, etc. are listed below:
Think "Big Picture"! When you're presenting an idea, cover how this will help the business. Will it reduce costs? Secure the systems? Reduce the chance of breaches or lawsuits?
- Show your bosses that you can not only handle technical concepts but business ones as well.
- "We have had a rash of viruses due to the managers not allowing us to properly secure our systems. We started keeping track of the time it took us to correct the problem + the lost time of the employee because their computer was down and presented this to the "suits." We also used some of the stats on the cost of a security breach. This fixed our problem!"
Do you notice a pattern already? Present the issue by highlighting aspects that are important to the listener.
- As part of our security awareness and training plan, we do an annual executive security briefing. We keep this brief and non-technical, but highlight the positives we can claim from the previous year and describe our approach to addressing problems that we might see in the next year.
- We do a full staff review of security standards (including the boss(es)) and have the boss sign off on the annual audit certification letters.- If you're trying to share a sense of urgency about a problem: "Don't give the boss horror stories about what could happen, give him real stories of what has happened to other people." --Alan Paller
Owner: SLAC Computer Security |