Educause Security Discussion mailing list archives
Re: Are users right in rejecting security advice?
From: Patrick Ouellette <ouellep () ALGONQUINCOLLEGE COM>
Date: Wed, 17 Mar 2010 15:44:43 -0400
Problem is, without enforceable laws/policies and strong support for it from management, "best practices" ends up being the reality ... What's the old saying about standards? "The fun with standards is that there's so many to choose from", and since none of them have the force/weight of law... choose with impunity! Sincerely, Patrick Ouellette Algonquin College - School of Advanced Technology Program Coordinator: Computer Systems Technician & Technology - Networking / Security Programs Professor - Computer Studies Department
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eric Case Sent: March-17-10 3:03 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Are users right in rejecting security advice?-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton Sent: Wednesday, March 17, 2010 1:18 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Are users right in rejecting security advice?<snip>I now cringe when I hear the phrase "Best Practice" when applied to securityThe problem I see with "Best Practice," "Best Known Practice," "Effective Practices," etc. is one size fits some. Is that "Best Practice" for a small, centralized, risk-adverse institution or a large, decentralized, risk-accepting institution? -Eric Eric Case, CISSP eric (at) ericcase (dot) com http://www.linkedin.com/in/ericcase --
Current thread:
- Re: Are users right in rejecting security advice?, (continued)
- Re: Are users right in rejecting security advice? Perloff, Jim (Mar 17)
- Re: Are users right in rejecting security advice? Brad Judy (Mar 17)
- Re: Are users right in rejecting security advice? David Escalante (Mar 17)
- Re: Are users right in rejecting security advice? Mclaughlin, Kevin (mclaugkl) (Mar 17)
- Re: Are users right in rejecting security advice? Michael Van Norman (Mar 17)
- Re: Are users right in rejecting security advice? Basgen, Brian (Mar 17)
- Re: Are users right in rejecting security advice? Allison Dolan (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Jansen, Morgan R. (Mar 17)
- Re: Are users right in rejecting security advice? Dick Jacobson (Mar 17)
- Re: Are users right in rejecting security advice? John Nunnally (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Roger Safian (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Ken Connelly (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
(Thread continues...)