Great Circle Associates Firewalls
(February 1998)
 


Subject: Re: Use the CISSP, Luke (was Re: Certifiying Security Auditors)
From: Larry Kwiat <Larry . Kwiat @ gov . yk . ca>
Date: Thu, 19 Feb 1998 14:45:20 -0800
To: Bennett Todd <bet @ rahul . net>, Larry Kwiat <Larry . Kwiat @ gov . yk . ca>
Cc: Anton J Aylward <anton @ the-wire . com>, firewalls @ GreatCircle . COM

>Our next call included a demand that the computer
>security auditors know enough to be able to analyze our computer
>security setup and teach us something. 
>
From our discussion, I wonder if you'd admit to having learned anything
from anyone.

>> >Most of us go for off-site replicated servers with enough info to
>> >cover the first few hours, and tapes to pick up from there.
>> ...and doesn't _that_ fry your security picture if it hasn't been worked 
>> out as well as the normal operation was, or better...
>
> <snip> The access needs are far slimmer, so the security
>can be cranked down way tighter for a given level of cost and user
>hassle.
>
I don't agree. In many ways, an "exported tech. solution" is much harder to 
manage well as a security item than one onsite and owned. Access needs are 
only a small part of the picture.

>> The "big picture" of authenticity for a person  managing information
>> security issues well for an organization has so much in it. Detail, where
>> that detail changes so  quickly, must be sacrificed to a greater god. That
>> doesn't mean throwing the baby out with the bathwater, it means building a
>> good integrity around it - protecting it at a higher level by managing the 
>> concepts (inputs, outputs, design considerations, operation considerations) 
>> well.
>
>That sounds pretty, but I don't see how to translate it into anything
>other than a truly ghastly management structure. It just doesn't work to
>have clueless idiots at the top. 

I'm afraid that about does it for me. I have other things to do than engage 
in this. Best of luck in your career.

Sincerely,

Larry Kwiat
Security Coordinator
Government of Yukon
Larry . Kwiat @ gov . yk . ca
Phone: (867) 667-8081


