Firewall Wizards mailing list archives
Re: ADP payroll
From: Roger Marquis <marquis () roble com>
Date: Fri, 10 May 2002 15:16:32 -0700 (PDT)
On Fri, 10 May 2002, Rick Smith at Secure Computing wrote:
A fundamental part of risk analysis is to look at who is liable if trouble occurs. You want to focus on shielding your own company from liability and not spend money to protect outsiders from themselves.
This is true for actuaries, in the insurance industry, but I've always considered liability to be a secondary issue in network security risk analyses. Business disruption is more typically the focus of IS audits.
Assuming your company isn't liable for attacks on ADP that involve your traffic, then it sounds as if they've provided you with the sort of information you can use to protect your site: they've told you what you need in order to limit firewall access to their servers over their ports.
Agreed. In this case the customer will likely either A) choose another payroll vendor or, B) isolate the payroll PC from the rest of the internal network. -- Roger Marquis Roble Systems Consulting http://www.roble.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- ADP payroll Roger Marquis (May 10)
- Re: ADP payroll Rick Smith at Secure Computing (May 11)
- Re: ADP payroll Roger Marquis (May 11)
- Re: ADP payroll Rick Smith at Secure Computing (May 11)