Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ADP payroll

From: Roger Marquis <marquis () roble com>
Date: Fri, 10 May 2002 15:16:32 -0700 (PDT)
On Fri, 10 May 2002, Rick Smith at Secure Computing wrote:

A fundamental part of risk analysis is to look at who is liable
if trouble occurs. You want to focus on shielding your own company
from liability and not spend money to protect outsiders from
themselves.


This is true for actuaries, in the insurance industry, but I've
always considered liability to be a secondary issue in network
security risk analyses.  Business disruption is more typically the
focus of IS audits.


Assuming your company isn't liable for attacks on ADP that involve
your traffic, then it sounds as if they've provided you with the
sort of information you can use to protect your site: they've told
you what you need in order to limit firewall access to their servers
over their ports.


Agreed.  In this case the customer will likely either A) choose
another payroll vendor or, B) isolate the payroll PC from the rest
of the internal network.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: