Educause Security Discussion mailing list archives
Re: Are users right in rejecting security advice?
From: Dick Jacobson <Dick.Jacobson () NDUS EDU>
Date: Wed, 17 Mar 2010 15:08:31 -0500
On Wed, 17 Mar 2010, Eric Case wrote: And I suspect this thread started (I can't find the beginning anymore ;-) because we were talking about auditing best practices as opposed to IT security best practices ??
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton Sent: Wednesday, March 17, 2010 1:18 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Are users right in rejecting security advice?<snip>I now cringe when I hear the phrase "Best Practice" when applied to securityThe problem I see with "Best Practice," "Best Known Practice," "Effective Practices," etc. is one size fits some. Is that "Best Practice" for a small, centralized, risk-adverse institution or a large, decentralized, risk-accepting institution? -Eric Eric Case, CISSP eric (at) ericcase (dot) com http://www.linkedin.com/in/ericcase
----------------------------------------------------------------------- Dick Jacobson e-mail : Dick.Jacobson () ndus edu NDUS IT Security Officer office : STTC 219 phone : 701-231-6280 <NEW phone number> -----------------------------------------------------------------------
Current thread:
- Re: Are users right in rejecting security advice?, (continued)
- Re: Are users right in rejecting security advice? David Escalante (Mar 17)
- Re: Are users right in rejecting security advice? Mclaughlin, Kevin (mclaugkl) (Mar 17)
- Re: Are users right in rejecting security advice? Michael Van Norman (Mar 17)
- Re: Are users right in rejecting security advice? Basgen, Brian (Mar 17)
- Re: Are users right in rejecting security advice? Allison Dolan (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Jansen, Morgan R. (Mar 17)
- Re: Are users right in rejecting security advice? Dick Jacobson (Mar 17)
- Re: Are users right in rejecting security advice? John Nunnally (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Roger Safian (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Ken Connelly (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Steven Alexander (Mar 17)
- Re: Are users right in rejecting security advice? Justin Azoff (Mar 17)
(Thread continues...)