That's not a change. You should never have granted unlimited trust to
insiders. Just as most organizations do not have the same person handling
accounts payable and vendor selection, you should have checks and balances
in IT as well.
-Stiennon
At 07:49 AM 7/11/2006, [EMAIL PROTECTED] wrote:
...from a round-table discussion on identity theft in the current
Computerworld:
IDGNS: What are the new threats that people aren't thinking
about?
CEO Dean Drako, Sana Security Inc.: There has been a market
change over the last five-to-six years, primarily due to
Sarbanes-Oxley. It used to be that you actually trusted your
employees. What's changed -- and which is really kind of morally
and socially depressing -- is that now, the way the auditors
approach the problem, the way Sarbanes-Oxley approaches the
problem, is you actually put in systems assuming that you can't
trust anyone. Everything has to be double-signoff or a
double-check in the process of how you organize all of the
financials of the company....
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Richard Stiennon
The blog: http://www.threatchaos.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
