For most (large) organizations, security scans have NOTHING to do with increasing security, and everything with being able to answer "Yes" to a question like "Do you regularly scan for known defects?", probably for a VISA type compliance check.
If you don't already know, you really don't want to know about data security in the medical or banking communities. On Wed, 30 Jun 2010, Frank Cox wrote: > > What is the point of doing a security scan under conditions that are not > actually "live"? > > It sounds like moving the flammable materials out before a fire > inspection, then moving them right back in when the inspector leaves. > > What is gained? You're no more secure than you were before the > inspection, and and you're no longer running what you had running during > the inspection. > ---------------------------------------------------------------------- Jim Wildman, CISSP, RHCE j...@rossberry.com http://www.rossberry.com "Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one." Thomas Paine _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
