Educause Security Discussion mailing list archives
Re: Are users right in rejecting security advice?
From: "Perloff, Jim" <perloffj () UCHASTINGS EDU>
Date: Wed, 17 Mar 2010 08:02:57 -0700
Words of wisdom.

J

_________________________________________________
Call the HelpDesk at x8802 with your computer problems or questions, or email us at helpdesk () uchastings edu

Jim Perloff
Network Administrator
UC Hastings College of the Law
200 McAllister Street
San Francisco, CA 94102
415.565.4712
http://uchastings.edu/infotech/index.html

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
Sent: Wednesday, March 17, 2010 7:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Are users right in rejecting security advice?

On Wed, 17 Mar 2010 08:54:47 EDT, "Mclaughlin, Kevin (mclaugkl)" said:

> Really? They are considered best practices, common knowledge, the way
> to do things, (pick your semantic here), etc. because a lot of folks
> (smarter than I am, I bet) spent the time to analyze, research and come
> up with a best practice and that's how NIST, ISO, COBIT, etc. get
> produced.

There's a few actual "best practices" out there. However, in practice they tend to be swamped by the wave-a-dead-chicken voodoo security checklists often seen in the hands of clueless auditors.

There's only a limited number of times you can sit through a security audit that has "Do you have a firewall?" as a checkbox item but does *not* have "Is it actually installed/enabled?" and "Has anybody actually configured it?" checkboxes before you start screaming "The Stupid, It Burns!".

You say you haven't seen that yet? Then there's still hope for you. Run and escape while you still can. :)