Security Basics mailing list archives
RE: A reminder that security is not inherently solvable with technology
From: SMiller () unimin com
Date: Mon, 27 Oct 2003 13:29:31 -0500
I find the ICCP codes to be useful in this regard (if a bit less succinct:) http://www.iccp.org/iccpnew/ethics%20practice%20conduct.html Scott Miller Unimin Corporation "Jeremiah Powell" <jdpowell@compgeo To: <security-basics () securityfocus com> .com> cc: Fax to: 10/24/2003 07:33 Subject: RE: A reminder that security is not inherently solvable with PM technology
-----Original Message----- From: Mike Peppard [mailto:mpeppard () impole com] Sent: Friday, October 24, 2003 12:02 PM To: security-basics () securityfocus com Subject: RE: A reminder that security is not inherently solvable
withtechnology
Offshore business-process-outsourcing sales will leap 38% this year to $1.8 billion
http://www.informationweek.com/story/showArticle.jhtml?articleID=15306236
With this type of money riding on outsourcing there are substantial incentives to
<SNIP>
"put" the controls in, who puts the controls on us? Hippocratic oaths?
As an interesting note, part of my time with the University of Oklahoma's Student support team involved crafting my own, personal 'IT Hippocratic oath.' While some may find it cheesy (along the lines of 'vision statements' and 'executive team-building retreats') I belive that the values the IT team were trying to instill have an effect. If only to get you to think about this stuff (security, rights and responsibility, policy) in between configuring your dual-firewall frontier system with DMZ. Things like having people craft an oath are cheap and may have use. If they can only give the correct bias to thinking about users and coping with their problems, then these 'social solutions' (like the Medical Hippocratic Oath) can be very effective. I cann't overestimate the value of oaths and statements in security policies. When done to reflect the real world, they convey the critical missing element in so many security systems, namely 'why.' My oath is attached to this message. It has been years since I first wrote it, but it (only verion 1.1) still expresses my ideas about what IT should be. Hopefully it will continue to serve me, as should yours serve your if you write one. Now if I could only find that url about 'how to manage your manager' again, I could get some financial support behind this... Sincerely, Jeremiah D. Powell Systems Admin, Computational Geosciences Voice (405) 360-0472 / Fax (405) 307-0866 330 W Gray Suite 500; Norman, Ok 73069 --------------------------------------------------------------------------- Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- RE: A reminder that security is not inherently solvable with technology SMiller (Oct 27)
- <Possible follow-ups>
- RE: A reminder that security is not inherently solvable with technology Erik R. Myers (Oct 28)