RE: A reminder that security is not inherently solvable with tec hnology

["Parisi, Robert" <Robert.Parisi () AIG com>]

very good point-i dont think that outsource/inhouse, local vs foreign are
issues that can be viewed in isolation. The truism that is the subject
header cannot be overstated--how many rely upon "robust and complex"
password protocols only to have it thwarted by social engineering or the
dreaded hand written post-it note.

security needs to be baked into not just the technology and applications but
into management's consciousness and then user community at large. 



-----Original Message-----
From: salgak () speakeasy net [mailto:salgak () speakeasy net]
Sent: Friday, October 24, 2003 1:05 PM
To: Tsai Li Ming; security-basics () securityfocus com
Subject: Re: A reminder that security is not inherently solvable with
technology


> -----Original Message-----
> From: Tsai Li Ming [mailto:mailinglist () ltsai com]
> Sent: Friday, October 24, 2003 08:25 AM
> To: security-basics () securityfocus com
> Subject: RE: A reminder that security is not inherently solvable with
technology
> I would like to point out another side of the story. I would agree that
> privilege information shouldn't be outsourced. It shouldn't even be
> outsourced to another company, whether local or overseas. On the other
hand,
> we should bear in mind that off shoring a job does not necessary mean that
> it is less secure. A disgruntled local employee could do the same thing.
> What makes a local employee more trustworthy than an offshore worker?

Only the fact that it is easier to observe the actions of a local employee.
. .
 
> You can have the best security in place but it can be compromised by a
> single employee. Can we ever replace trust with technology?

Only when we physically get wired up. . . and frankly, I'm not letting my
employer OR my government control my brain. . . 



---------------------------------------------------------------------------
Visual & Easy-to-use are not words that you think of when talking about 
network analyzers. Are you sick of the three window text decodes? Download
ClearSight Network's Analyzer and see a new network analysis tool that 
makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_0310
21
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------