Hi Bill,
        The ultimate decision about what and how much security to implement on
a system or network is the system owner's.  As was mentioned earlier,
organizations, both commercial and Federal, use the philosophy of risk
management.  Risk management involves several activities, including the
cost of security and potential benefit.  The threats and corresponding
risks to operation must be fully documented, as well as the potential
cost of not taking any action.  Putting the risk in dollars and cents,
as was mentioned earlier, is the one language that management
understands.  Additionally, you can add intangible items, like loss of
customer confidence, and the like.  Formally document it and, if
possible, present it to management, making certain that they fully
understand the potential impact of their decision.
        Security costs money, sometimes a significant amount, and its benefits,
like life, home or auto insurance, are only realized when they are
needed.  I hope this helps.  Take care.

Don

Bill Husler wrote:
> 
> Has anyone here had occasion to face the situation where Upper Management decides
> to move forward in a direction against the recommendations of the group
> responsible for data security disregarding their concerns? If so, what did you do
> about it? Did you write it up and ask them to formally acknowledge their
> acceptance of the exposure? What form would this document take? Any examples?
> Bill