Mark Newman mnx at utk.edu
Wed Feb 12 15:00:29 GMT 2003

Pardon me if this seems like an audacious thing to ask...

Does anyone care to mention any specific incidents that caused your
organization financial loss or to be in a legally liable position
because of failure to implement some form of information security
policy, device, etc.?

We are seeking justification for expenditure. Our organization doesn't
care if implementing this or that meets standards. Our organization is,
like most, concerned with legal/financial liability and other much less
tangible losses (like prestige) resulting from security incidents.  

Not asking anyone to "air any dirty laundry" but, even any general
anecdotes would be very helpful to us in pleading our case.

Thank you,
Mark Newman
University of Tennessee

More information about the unisog mailing list