Chapter 2
you. I’ve asked Charlie Moody to come in today to talk about it. He’s waiting to speak with us.”
When Charlie joined the meeting Fred said, “Hello, Charlie. As you know, the Board of
Directors met today. They received a report on the expenses and lost production from the worm outbreak last month, and they directed us to improve the security of our technology.
Gladys says you can help me understand what we need to do about it.”
“To start with,” Charlie said, “instead of setting up a computer security solution, we need to develop an information security program. We need a thorough review of our policies and practices, and we need to establish an ongoing risk management program. There are some other things that are part of the process as well, but these would be a good start.”
“Sounds expensive,” said Fred.
Charlie looked at Gladys, then answered, “Well, there will be some extra expenses for specific controls and software tools, and we may have to slow down our product development projects a bit, but the program will be more of a change in our attitude about security than a spending spree. I don’t have accurate estimates yet, but you can be sure we’ll put cost-benefit worksheets in front of you before we spend any money.”
The Need for Security
Fred thought about this for a few seconds. “OK. What’s our next step?”
Gladys answered, “First, we need to initiate a project plan to develop our new information security program. We’ll use our usual systems development and project management approach. There are a few differences, but we can easily adapt our current models. We’ll need to appoint or hire a person to be responsible for information security.”
“Information security? What about computer security?” asked Fred.
Our bad neighbor makes us early stirrers,
Which is both healthful and good husbandry.
Charlie responded,