>Our next call included a demand that the computer
>security auditors know enough to be able to analyze our computer
>security setup and teach us something.
>From our discussion, I wonder if you'd admit to having learned anything
>> >Most of us go for off-site replicated servers with enough info to
>> >cover the first few hours, and tapes to pick up from there.
>> ...and doesn't _that_ fry your security picture if it hasn't been worked
>> out as well as the normal operation was, or better...
> <snip> The access needs are far slimmer, so the security
>can be cranked down way tighter for a given level of cost and user
I don't agree. In many ways, an "exported tech. solution" is much harder to
manage well as a security item than one onsite and owned. Access needs are
only a small part of the picture.
>> The "big picture" of authenticity for a person managing information
>> security issues well for an organization has so much in it. Detail, where
>> that detail changes so quickly, must be sacrificed to a greater god. That
>> doesn't mean throwing the baby out with the bathwater, it means building a
>> good integrity around it - protecting it at a higher level by managing the
>> concepts (inputs, outputs, design considerations, operation considerations)
>That sounds pretty, but I don't see how to translate it into anything
>other than a truly ghastly management structure. It just doesn't work to
>have clueless idiots at the top.
I'm afraid that about does it for me. I have other things to do than engage
in this. Best of luck in your career.
Government of Yukon
Phone: (867) 667-8081