I completely understand your situation!
I heard that "Joe" was working at a company where he saw many things
that failed a few different assessments and brought them to the attention
of the executive staff, then was told to either put it under the table
or "stop telling us this stuff, we really don't like hearing it." After
pondering this for a few hours "Joe" decided it was best to document
things and try to continue to use opportunities to bring it up in
meetings. Last time I spoke to "Joe" I was told nothing has changed and
if nothing else, it has gotten worse.
My advice to you is to document everything and protect your backup of
said documents, because reality is that once it comes to the surface,
and it will, you will be the fall guy for the company because no
executive I know of will admit to the fault and take the blame!
Good Luck!
Robert
Robert Portvliet wrote:
Rich Mogull had a few things to say about that yesterday (very good read)
http://securosis.com/blog
On Thu, Aug 13, 2009 at 6:21 AM, Ron Gula<[email protected]> wrote:
All great points .... and now from a CEO who says their QSAs let them
down:
http://www.csoonline.com/article/499527/Heartland_CEO_on_Data_Breach_QSAs_Let_Us_Down?page=1
Heartland CEO on Data Breach: QSAs Let Us Down
Heartland Payment Systems Inc. CEO Robert Carr opens up about his
company's data security breach, how compliance auditors failed to flag
key attack vectors and what the big lessons are for other companies.
...
--
Ron Gula, CEO
Tenable Network Security
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com