Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Upper Management Doesn't "Get" IT Security

Posted by ryuzaki0 on from the part-of-your-job-to-explain-it-in-their-terms dept.

Schneier is reporting that the Department of Homeland Security has decided to delve into why upper management doesn't "get" IT security threats. The results aren't terribly surprising to those in the trenches, stating that most executives view security as something akin to facilities management. "Thankfully", the $495 report (if you aren't a "Conference Board associate") helps tell you how to handle the situation.

3 of 126 comments (clear)

  1. Not that hard by bhmit1 · · Score: 5, Informative

    From the part-of-your-job-to-explain-it-in-their-terms dept.

    Lets try this. When you forget to lock your Lexus and it's not there when you are ready to go golfing, that sucks. Almost as much as when you go to use the server and some hackers are using it to joy ride the net and sell all your customer records while you are liable. But unlike the car, where you can buy a new one, it's a pain in the ass to buy a new company image.

  2. Re:Computer people don't "get" business by Fulcrum+of+Evil · · Score: 2, Informative

    Unless the company makes security software or hardware, it IS an expense. Computer security should be handled with the same priority as physical security (keeping facilities secure) and basic infrastructure (power, water, telephone, etc.).

    Yeah, it's absolutely vital, and the results of a breach can be devastating.

    Any CEO that spends an inordinate amount of time on computer security will, and should be fired.

    Maybe this should be handled by the CTO or someone he manages? CEOs do vision, not operations (except when that messes with the vision).

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  3. Re:Does.... by larkost · · Score: 2, Informative

    You missed the point that the creation of the report (costs of writing it) might not have been completly covered by the grant. In fact it was probably put forward as a proposal this way: the govenment agency wanted a study done, and rather than paying a company the full price to do the work, they payed them half (or some other fraction), but at the end of the job the company gets to re-sell the report.

    For the govenment department it costs less for the report they wanted. So they saved the taxpayers money.