Mfcttrf

What does this Swiss black on yellow rectangular traffic sign with a symbol looking like a dart mean?

How could empty set be unique if it could be vacuously false

Time at 1 g acceleration to travel 100 000 light years

Definition of 'vrit'

Did the CIA blow up a Siberian pipeline in 1982?

macOS: How to take a picture from camera after 1 minute

What are the current battlegrounds for people’s “rights” in the UK?

Find the common ancestor between two nodes of a tree

What is the highest voltage from the power supply a Raspberry Pi 3 B can handle without getting damaged?

Is it possible to transpose samples (in cents) from minor to major?

Explain why a line can never intersect a plane in exactly two points.

Are there any individual aliens that have gained superpowers in the Marvel universe?

What mathematical theory is required for high frequency trading?

Why don't countries like Japan just print more money?

What is the oldest commercial MS-DOS program that can run on modern versions of Windows without third-party software?

Can you use one creature for both convoke and delve for Hogaak?

How to work with PETG? Settings, caveats, etc

Why does this compile? Returning nullptr as std::string

How does DC work with natural 20?

A word for delight at someone else's failure?

Where should a runway for a spaceplane be located?

Is there a name for the trope when there is a moments dialogue when someone pauses just before they leave the room?

Is there any proof that high saturation and contrast makes a picture more appealing in social media?

Why does independence imply zero correlation?

Request from management that I disagree with

Great CEO with horrible management styleHow to deal with a CEO with poor management skillsHow to deal with low quality colleagues in a way that satisfies managementHow to defend my supervisor from higher managementHow to request management to provide us a cab?How to Constructively Express Dissatisfaction with Management StyleHow should an employee handle disagreement with direction from management?How can I explain technical concepts related to business management who lack background to understand?Managing request from other departmentRecover from management getting the impression that I'm haughty

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

0

Disclosure: I am having an account issue so using a guest account in the interim

I work on the IT security team at my employer as a senior analyst / engineer. A part of my job duties is performance reporting to senior mangement on certain cybersecurity metrics. As I understand and was told to me by mangement reporting directly to CISO, these are to be used mainly for internal operational process improvement, not to point fingers at anyone or call individuals out for weaknesses in their role.

Today, I received request from senior mangement for individuals who have been demonstrating weaknesses in phishing reporting and recognition of malicious emails. I understand management having these names will help in assessing what our social engineering risk exposure is, but feel its unnecessary and eroding trust with other employees. The folks may think this is a back stab and request feels unreasonable to me.

From my prior work experience in cybersecurity, building trust with end users is critical to achieving business goals. I am a respected senior member of the team and given considerable leeway in making decisions.

Is my belief that requested data is unnecessary reasonable?

How can I balance fulfilling my duty in my role, to protect company assets, against supporting my fellow colleagues in this situation?

If offering management anonymized data is appropriate, how can I best make this request professionally?

communication management security

share

asked 7 mins ago

AnthonyAnthony

1

New contributor

Anthony is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

0

Disclosure: I am having an account issue so using a guest account in the interim

I work on the IT security team at my employer as a senior analyst / engineer. A part of my job duties is performance reporting to senior mangement on certain cybersecurity metrics. As I understand and was told to me by mangement reporting directly to CISO, these are to be used mainly for internal operational process improvement, not to point fingers at anyone or call individuals out for weaknesses in their role.

Today, I received request from senior mangement for individuals who have been demonstrating weaknesses in phishing reporting and recognition of malicious emails. I understand management having these names will help in assessing what our social engineering risk exposure is, but feel its unnecessary and eroding trust with other employees. The folks may think this is a back stab and request feels unreasonable to me.

From my prior work experience in cybersecurity, building trust with end users is critical to achieving business goals. I am a respected senior member of the team and given considerable leeway in making decisions.

Is my belief that requested data is unnecessary reasonable?

How can I balance fulfilling my duty in my role, to protect company assets, against supporting my fellow colleagues in this situation?

If offering management anonymized data is appropriate, how can I best make this request professionally?

communication management security

share

asked 7 mins ago

AnthonyAnthony

1

New contributor

Anthony is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

Disclosure: I am having an account issue so using a guest account in the interim

I work on the IT security team at my employer as a senior analyst / engineer. A part of my job duties is performance reporting to senior mangement on certain cybersecurity metrics. As I understand and was told to me by mangement reporting directly to CISO, these are to be used mainly for internal operational process improvement, not to point fingers at anyone or call individuals out for weaknesses in their role.

Today, I received request from senior mangement for individuals who have been demonstrating weaknesses in phishing reporting and recognition of malicious emails. I understand management having these names will help in assessing what our social engineering risk exposure is, but feel its unnecessary and eroding trust with other employees. The folks may think this is a back stab and request feels unreasonable to me.

From my prior work experience in cybersecurity, building trust with end users is critical to achieving business goals. I am a respected senior member of the team and given considerable leeway in making decisions.

Is my belief that requested data is unnecessary reasonable?

How can I balance fulfilling my duty in my role, to protect company assets, against supporting my fellow colleagues in this situation?

If offering management anonymized data is appropriate, how can I best make this request professionally?

communication management security

share

asked 7 mins ago

AnthonyAnthony

1

New contributor

Anthony is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share

asked 7 mins ago

AnthonyAnthony

1

New contributor

Anthony is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share

asked 7 mins ago

AnthonyAnthony

1

New contributor

Anthony is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 7 mins ago

AnthonyAnthony

1

New contributor

Anthony is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 7 mins ago

AnthonyAnthony

1