Post 302238050 by Linux Bot on Thursday 18th of September 2008 10:40:13 PM
Funding security awareness programs

"Obtaining support and funding from senior management - while planning an awareness initiative" is a new free document from ENISA (the European Network and Information Security Agency - an official European Union body that describes itself as a centre of network and information security expertise for the EU Member States and Institutions) that extends the coverage of a previous product, "The new users' guide: How to raise information security awareness".

The new guide is aimed at helping readers scope, plan and justify their security awareness programs to management. Starting with an explanation of the need for, and value of, information security awareness (parts of which I contributed), it describes techniques to obtain management support and funding. It delves into ROI or ROSI (Return on [Security] Investment) using standard financial investment appraisal techniques to develop the business case for information security awareness, pointing out the difficulties of defining the benefits part of cost-benefit analysis for risk avoidance initiatives. It offers worthwhile tips on communicating security needs to management, especially by aligning security with other strategic objectives. This gets right to the heart of a key issue: without senior management's understanding and proactive support, information security initiatives are severely constrained if not doomed from the start. Whereas IT security can be handled primarily within the IT Department, the scope of information security extends across the entire enterprise and necessarily involves a wide tranche of managers. Raising management's security awareness is therefore an important starting point.

Another good reason for developing business cases for investments in information security is that they naturally suggest a suite of metrics that can be used not only to assess the value of the investment but also to drive further security improvements. I heartily recommend taking a good look at ISACA's ValIT framework for more on this.

A fine international team of acknowledged awareness experts collaborated to produce the document using email, telephone conferences and Google Docs (which proved ideal for me, being based on the far side of the globe from Europe!). Credit is due to the editors from ENISA who kept us all in line and worked wonders on the formatting and presentation. Nice job!


 

httppower(8)                         powerman                         httppower(8)

NAME
       httppower - communicate with HTTP based power distribution units

SYNOPSIS
       httppower [--url URL]

DESCRIPTION
       httppower is a helper program for powerman which enables it to
       communicate with HTTP based power distribution units. It is run
       interactively by the powerman daemon.

OPTIONS
       -u, --url URL
              Set the base URL.

INTERACTIVE COMMANDS
       The following commands are accepted at the httppower> prompt:

       auth user:pass
              Authenticate to the base URL with specified user and password,
              using ``basic'' HTTP authentication which sends the user and
              password over the network in plain text.

       seturl URL
              Set the base URL. Overrides the command line option.

       get [URL-suffix]
              Send an HTTP GET to the base URL with the optional URL-suffix
              appended.

       post [URL-suffix] key=val[&key=val]...
              Send an HTTP POST to the base URL with the optional URL-suffix
              appended, and key-value pairs as argument.

FILES
       /usr/sbin/httppower
       /etc/powerman/powerman.conf

ORIGIN
       PowerMan was originally developed by Andrew Uselton on LLNL's Linux
       clusters. This software is open source and distributed under the terms
       of the GNU GPL.

SEE ALSO
       powerman(1), powermand(8), httppower(8), plmpower(8), vpcd(8),
       powerman.conf(5), powerman.dev(5), powerman-devices(7).

       http://sourceforge.net/projects/powerman

powerman-2.3.5                      2009-02-09                       httppower(8)