At 05:39 PM 10/21/2002, Alessandro Bottonelli wrote:
This can't be stressed enough, IMO. Incident response (and in fact security as a whole) requires endorsement and involvement to start at the very top of the food chain in an organization. It can't be an effort brought forth by the IT department, with management along for the ride (or worse yet, management resisting). Information Security is a core component of overall organizational security (physical, personnel, etc) and requires organizational risk assessment and decision-making.> ... Even incident response perhaps is partially a > top management activity? > Most definitevely YES! There are responses that are top management responsability (think of a major bank network under attack, only top management can be in the position to decide to "pull the plug off" ... ).
FWIW,
Doug
------------------------------------------------------------
This email, and any included attachments, have been checked
by Norton AntiVirus Corporate Edition (Version 7.6), AVG
Server Edition 6.0, and Merak Email Server Integrated
Antivirus (Alwil Software's aVast! engine) and is certified
Virus Free.
