Re: Technology and your Security Program

["Paul Melson" <pmelson () gmail com>]

On 10/12/07, Kelly Robinson <caliana1989 () gmail com> wrote:
> Why should technology be the final tier to be fully implemented in a
> security program?
>
> I am thinking in terms of the Digital Liability Management model:
> http://daemonic.wordpress.com/2006/04/26/it-security/

Is this a trick question?

If you buy product first, you will find yourself changing policy and
accepting otherwise unnecessary risk or expense (or both) in order to
retrofit your policy to your technology.  In other words, you're
letting the tail wag the dog.

PaulM

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/