Firewall Wizards mailing list archives

Re: 2nd Life


From: "Paul D. Robertson" <paul () compuwar net>
Date: Sat, 10 Nov 2007 02:36:32 -0500 (EST)

On Fri, 9 Nov 2007, Steven Osman wrote:

> Well, that's all true, and not to offend anyone on the list or anything, 
> but there's a reason that folks who are hired to do PR and marketing are 
> not the same folks who are hired to secure networks.

Yes, but from a security perspective you've always got to sort of balance 
business growth with what's essentially a fiduciary responsibility to 
protect the organization- lots of times from itself.

> We're "reasonably" good at what we do, let's trust that other folks are 
> "reasonably" good at what they do, whether we understand it entirely or 
> not.

That doesn't mean we let them make strategic network decisions by blindly 
allowing their choices.

> It's always easier to just say no to everything, but then nothing gets 
> done.

Not much gets compromised either.

A good security practitioner should be able to bring a business case along 
with the security case.  Not saying "no" might make you popular 
internally, but security isn't about popularity, and like it or not for 
almost all cases the less you let in, the less risk you assume- so letting 
more and newer things in _should_ be an uphill battle.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/
