Firewall Wizards mailing list archives

Re: Internet Security Review

From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 14 Oct 1997 08:37:41 -0400

In broad outline, they started by hitting me with a series of
``scenarios''.


WOW! A security audit that actually takes humans into account
rather than just mechanism and software!! Fancy that!

Since social engineering is such a huge (potential) problem,
I think it's vital to consider the way people in the organization
are going to react under stress of attack/failure/confusion. This
is what scares me most about security, BTW -- I don't think it
is possible, for an organization of reasonable size, to adequately
secure the staff.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr

Current thread:

Re: Small company question was Re: Firewall administration., (continued)
- - - Re: Small company question was Re: Firewall administration. Mark Teicher (Oct 09)
    - Re: Small company question was Re: Firewall administration. Bennett Todd (Oct 10)
    - Re: Firewall administration. Larry J. Hughes Jr. (Oct 09)
    - Re: Firewall administration. Ted Doty (Oct 07)
    - Re: Firewall administration. Bennett Todd (Oct 07)
    - Re: Firewall administration. Ted Doty (Oct 12)
    - Re: Firewall administration. Bennett Todd (Oct 12)
    - Re: Firewall administration. Ted Doty (Oct 12)
    - Internet Security Review Mark Teicher (Oct 13)
    - Re: Internet Security Review Bennett Todd (Oct 13)
    - Re: Internet Security Review Marcus J. Ranum (Oct 14)
    - Securing Staff (was Re: Internet Security Review) Jeff Sedayao (Oct 15)
    - Re: Internet Security Review Steve Kruse (Oct 13)
    - Message not available
    - Re: Policy and administration was Re: Firewall administration. Ted Doty (Oct 13)
- Re: Firewall administration. John McDermott (Oct 06)