Re: [fw-wiz] 2nd Life
- From: "Paul D. Robertson" <paul@xxxxxxxxxxxx>
- Date: Sat, 10 Nov 2007 02:36:32 -0500 (EST)
On Fri, 9 Nov 2007, Steven Osman wrote:
> Well, that's all true, and not to offend anyone on the list or anything,
> but there's a reason that folks who are hired to do PR and marketing are
> not the same folks who are hired to secure networks.

Yes, but from a security perspective you've always got to sort of balance
business growth with what's essentially a fiduciary responsibility to
protect the organization- lots of times from itself.

> We're "reasonably" good at what we do, let's trust that other folks are
> "reasonably" good at what they do, whether we understand it entirely or
> not.

That doesn't mean we let them make strategic network decisions by blindly
allowing their choices.

> It's always easier to just say no to everything, but then nothing gets
> done.

Not much gets compromised either.

A good security practitioner should be able to bring a business case along
with the security case. Not saying "no" might make you popular
internally, but security isn't about popularity, and like it or not for
almost all cases the less you let in, the less risk you assume- so letting
more and newer things in _should_ be an uphill battle.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards