I think its political because people fear the loss of control. I've seen this a lot with my own customers. They are worried the security people, will wield too much power over them. And this isn't helped by security groups that seem to be consumed with "disassociating" themselves from the dirty work of securing servers, making firewall rules, setting up VPNs, etc. You mean computers aren't magic? Oh, great, there goes my entire career! :-) ------------------------------------ Andrew Plato, CISSP President / Principal Consultant Anitian Corporation (503) 644-5656 office (503) 201-0821 cell http://www.anitian.com ------------------------------------ > -----Original Message----- > From: Alan [mailto:alan@private] > Sent: Monday, September 23, 2002 12:25 PM > To: Andrew Plato > Cc: crime@private > Subject: RE: CRIME Computers vulnerable at Oregon department > > > On Mon, 23 Sep 2002, Andrew Plato wrote: > > > This is a sad story because I would bet that a lot of these > issues could > > be cleared up with some basic security improvements. In my travels > > around the server rooms of some of the Pacific Northwest's and > > California's largest employers and state agencies, I've > come to realize > > that security is still very weak. Some basic things, like > developing a > > security policy, are totally non-existent. > > Don't just think that it is a monitary issue. Companies spend > money on all > sorts of things they don't need or don't know how to use > properly (like > Oracle) that cost them big bucks. > > Securing a network is often a big political issue. > > You have to be able to say NO to a bunch of people who want no > restrictions whatsoever. And those people have more pull than the IS > department. > > Management says they want security, but they don't want to have to do > anything different to make it happen. > > Because computers are magic. > > >
This archive was generated by hypermail 2b30 : Mon Sep 23 2002 - 21:29:42 PDT