Firewall Wizards mailing list archives
RE: Firewalls and IS Network bodies
From: "Biggerstaff, Craig T" <Craig.T.Biggerstaff () usahq unitedspacealliance com>
Date: Fri, 12 Dec 1997 09:12:09 -0600
I have a problem with the idea that there can be completely separate "policy" groups and "operations" groups. Those who have expertise in networking and security matters generally gained it through daily exposure to operational hazards, and are better equipped to recognize a flawed policy than policy makers who doesn't have to worry about the details. If policy makers can deflect all criticisms to the operations group, then even a good policy will become deformed, over time, from its original intent. Witness the IS shops who decide arbitrarily to worship at the altar of Bill and make their company 100% Microsoft, deferring until later the decisions about security. In these situations the operations folks have three choices: (a) get better jobs elsewhere; (b) become the "bad cop" that others hate because operations "keeps us from getting our work done"; or (c) duck and cover. -- Craig Biggerstaff
---------- From: Mark Curley[SMTP:mcurley () baf com] Sent: Thursday, December 11, 1997 3:31 PM To: firewall-wizards () nfr net; 'Mike van der Walt' Subject: RE: Firewalls and IS Network bodies Actually, it should not matter which group handles it, as long as they are willing and able to implement the security policy of the company. Even if they don't have the security mindset or know-how, it might work OK if the policy is set by people who do and operations does the "administration" work.
[other comments deleted]
Current thread:
- Firewalls and IS Network bodies Mike van der Walt (Dec 11)
- Re: Firewalls and IS Network bodies chuck yerkes (Dec 11)
- Re: Firewalls and IS Network bodies Andy Howard (Dec 12)
- <Possible follow-ups>
- RE: Firewalls and IS Network bodies Mark Curley (Dec 11)
- RE: Firewalls and IS Network bodies Stout, William (Dec 11)
- RE: Firewalls and IS Network bodies Gary Crumrine (Dec 12)
- RE: Firewalls and IS Network bodies Biggerstaff, Craig T (Dec 12)
- Re: Firewalls and IS Network bodies Bennett Todd (Dec 17)