Penetration Testing mailing list archives
Re: [PEN-TEST] Testing a "rogue site"
From: "Missy, E" <freehold () EROLS COM>
Date: Mon, 11 Sep 2000 17:35:47 -0400
"Karyn Pichnarczyk" wrote: [snipped]
But unless you go by the One and Only rule, you will not last long in the security trade: 1. Business Must Continue. If this rule is not followed, then it doesn't matter how good or bad the security posture is: the company just won't exist! Therefore, the Business Demands of the company must be met, AT ALL COSTS including, regretfully and occasionally, the cost of bad security.
More and more, without security, companies can be (temporarily) 'made to not exist' - i.e. brought down, sometimes for an extended period of time if a sufficient hit is made. Business will *not* continue without data and communications. What's more inconvenient, a few 'extra' steps between users and tasks (i.e. logging procedures, periodic re-education, etc.) or the inability to perform those tasks at all? After all, we all got used to waiting in airports to get through the metal detectors. Corporate culture eventually will change to allow the 'inconvenience' of security procedures. Most people here I suspect feel way too busy to 'fight city hall', or work on inculcating a security mindset within a company that ranks security low on the totem pole. That doesn't mean that I think it isn't my job to educate those around me, just that I wouldn't want to work where I was fighting the current. :)
Current thread:
- [PEN-TEST] Testing a "rogue site" Kelly, Mike (Sep 08)
- Re: [PEN-TEST] Testing a "rogue site" Peter Van Epp (Sep 09)
- Re: [PEN-TEST] Testing a "rogue site" Missy, E (Sep 10)
- <Possible follow-ups>
- Re: [PEN-TEST] Testing a "rogue site" Mitch James (Sep 08)
- Re: [PEN-TEST] Testing a "rogue site" Rich Richenberg (Sep 08)
- Re: [PEN-TEST] Testing a "rogue site" Alexander Sarras (SEA) (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Karyn Pichnarczyk (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Missy, E (Sep 12)
- Re: [PEN-TEST] Testing a "rogue site" Wandering One (Sep 13)
- Re: [PEN-TEST] Testing a "rogue site" Karyn Pichnarczyk (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Peter Van Epp (Sep 09)
- Re: [PEN-TEST] Testing a "rogue site" Meritt, Jim (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Alexander Sarras (SEA) (Sep 13)