RE: security not a big priority?

["Craig Wright" <cwright () bdosyd com au>]

Security should be risk related. You need to be able to define the risks
and the costs of both implementing a solution or accepting the risk.
This should be based on economic cost.

To be effective, you need to work with the other teams and look at ways
to enable projects in a secure manner.

There are nearly always solutions. From your perspective, the start
looks like education. People need to understand the risks and this is
something you can start to address with little cost or comparitive
effort.

Regards,
Craig

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Francois Yang
Sent: Friday, 16 February 2007 3:18 AM
Cc: security-basics () securityfocus com
Subject: Re: security not a big priority?

On 2/15/07, Josh Miller <joshua () itsecureadmin com> wrote:
> This must be your first security job, right?  ;-)
>
> All joking aside, this is very common, especially in government jobs,
> based on my experience.  It's a tough road to ride down and I
recommend
> documenting all of your efforts for future reference and being as
> supportive as possible while not creating a problem between you and
the
> people you work with.
>
> Good luck.
>
> Thanks,
> Josh Miller, RHCE

Actually no. this is my second.
I used to be a security admin at a private company.  Now it's at a
public college and it's way different.  At the old place I had the
final say in everything. My boss was 100% behind me and management
even the president trusted me.  So whatever I said, was pretty much
what went on.  So picture that. Coming from a place where I had full
say to a place where I have almost no say. is a big change.
yea, I'll just keep working on documenting and trying to show them how
important security is.

--
If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the technology.
Bruce Schneier

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.