On Mon, 23 Sep 2002, Andrew Plato wrote: > This is a sad story because I would bet that a lot of these issues could > be cleared up with some basic security improvements. In my travels > around the server rooms of some of the Pacific Northwest's and > California's largest employers and state agencies, I've come to realize > that security is still very weak. Some basic things, like developing a > security policy, are totally non-existent. Don't just think that it is a monitary issue. Companies spend money on all sorts of things they don't need or don't know how to use properly (like Oracle) that cost them big bucks. Securing a network is often a big political issue. You have to be able to say NO to a bunch of people who want no restrictions whatsoever. And those people have more pull than the IS department. Management says they want security, but they don't want to have to do anything different to make it happen. Because computers are magic.
This archive was generated by hypermail 2b30 : Mon Sep 23 2002 - 21:24:30 PDT