2. “My management just does not “get” information security!”
Anonymous CISO of a large financial institution
3. “I am overwhelmed with all the passwords I have to remember. I just write them down & leave them with my executive assistant.”
Anonymous manager working in an insurance company
4. “Management has authorized acquisition of security monitoring tools, but they did not give me any budget for people to do this monitoring.”
Anonymous CISO of a multinational service organisation
5. “Sure, I support information security, but my people need to work and make money.”
Anonymous CEO of a retailer
6. “Our information security department keeps getting more tools, but I do not think we are any more secure.”
Anonymous CRO of a large financial institution
7. “Security policy is one thing. Reality is another.”
Anonymous COO from a consulting company
8. “All that information security people do is say “No!”. They should learn how we really work.”
Angry manager of a governmental agency
21. People are the weakest link. You can have the best technology, firewalls, intrusion-detection systems, biometric devices - and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.
Kevin Mitnick, ex-hacker, IT security consultant.
52. For more information…
Marc Vael
International Vice-President
Chairman of the Knowledge Board
ISACA
http://www.isaca.org/
marc@vael.net
http://www.linkedin.com/in/marcvael
@marcvael