So on that same issue then, are you often surprised when you go in and speak with the companies?
Are you surprised at how little some of them know about the dangers?
Quite horrified. Just recently when I was out in Singapore, there was a...a company which had just been hacked.
Their website had been changed, mentioning no names, but they told me they weren't going to install a firewall because they didn't work.
And I thought, well, at least something like a 90, 95 percent effectiveness of keeping people out surely is better than not having anything in there.
I tried my best to explain to them, but sometimes these words fall on deaf ears.
The question is what is the best way to convince non-technical managers of the importance to invest in effective information security technologies?
One of the good ways that you can do is, obviously, what people do is show them statistics.
Now people get blinded by statistics, they can be manipulated to a certain advantage.
However, just show people, maybe a tour around the Internet, show them some of the hacker sites, some of the security sites which are available.
Show them exactly the information that you can find and how it's pertinent on your company.
Security management isn't just about what hardware or software you have installed.
It's all about policy management as well. If you have a good security policy covering all aspects of your company, then this will protect you from employment level up to, obviously, a system administration level.
Questions.
1. How many companies online have been hacked?
2. Who are the hackers usually?
3. Why do they want to be hackers?
4. Who is Mathew Bevan?
5. What do the hackers do actually?
6. Why would companies employ hackers to be their security consultants?
7. Why can't programmers be good security consultants?
8. Why is it still necessary to install a firewall though it may not always work?
9. Why is policy management so important to security management?