At 8:00 AM 2/22/95, tws @ wh . bayer . com wrote:
>But using their products and hiring their services and
>not knowing what they do is a big, big problem. My
>management loves to hire consultants, but do I trust
>the level of their expertise? That's a question that has
>to be dealt with individually. I think, given the
>way things stuck up in my small world, services like
>SitePatrol is something I can employ, but I have to
>be familiar with what it does, which, in turn, means
>(at least temporarily) more work for me.

Hello Tenna!

Full agreement here: folks need to understand exactly what is being done
(or not done) in the provision of security mechanisms, procedures, and
policies, or they risk gaining a misplaced sense of security. You can't
really "outsource" your security needs without having significant security
knowledge (to assess the solution) or having some method for assessing the
vendor. (In some ways, this is similar to the situation we face with the
medical community, where few folks have the specialized knowledge to assess
our doctor's recommendation or credentials, and hence seek second opinions).
Folks are well-advised to get some Internet security training if they're
responsible for their site's Internet security, and that's regardless of
the source of their security solution. (Also, such training really needs
to be ongoing or needs to connect you to a method of staying current, since
last year's firewall is this year's permeable membrane... :-)
/John