Blog
SecuringAIX

« Are You Being Naughty? | Main | What Good Are Intentions? »

December 17, 2013

Comments

It is very difficult to convince someone that has no inkling of what they are managing.
The problem is that a lot of regulations and standards such as PCI-DSSv3 have real teeth and a security incident or audit-failure can cost a huge amount in fines and loss of reputation, yet many businesses are sleepwalking into a potential legal and financial minefield.
I think the only way to convince managers is to try to educate them and make them realise that this is not just somebody else's problem.

Andrew - thanks for your comment!

I would love to hear what/how you open the "learning" experience.

Maybe PCI-DSSv3 will help as they start to bite.

Question: have you seen the new reporting ability of pcsxpert (was aixpert) that was released with PowerSC 1.3?

I do have some sympathy for them (management) as the whole subject is shrouded in a lot of mystery and fear, and if I was being cynical I would say many like it that way as it earns them a lot of money.
The problem for all of us is that there are both industry and legal standards, and the potential cost, and reputational damage can be huge, when you get it wrong.
I always open the conversation in very simple terms like "you have a seatbelt and airbag in your car, but never drove into a wall to see if they work, however you hope that they will". Next I move to something like "security restrictions can prove that you DIDN'T do something, even more than they can prove that you did!", and that disabling things that you don't need/use actually saves cash by increasing system performance along with security.
I find that once you open their minds to the basics, you can start the real conversation.

Hello again Andrew.

I have been running in circles - helping out in other IT management areas - but painfully neglecting SecuringAIX. Just finished writing about that - and even came up with a methaphor close to yours.

In short, thank you for taking the time to share your insights. I appreciate it very much!

The comments to this entry are closed.