I would say that computer security does not relate to people wasting their time
in the Internet. You can prevent certain types of abuse of Internet resources,
but if the fundamental problem is that people spend their time in something that
is not productive, you will not solve that problem with "computer security" and
you will end up in an arms race against people that seem to have nothing else to
do and no boss looking over their shoulder, and you will always lose.
I think you must put some obvious controls, and let people know that they are
being logged and that the logs WILL be analyzed. A good report is better than a
sophisticated hand-made filter that will always have an interesting hole.
Finally, I agree, HR is no panacea, but I think that the resource being most
abused in this case is actually the human resource - am I right? I think it is
their job to manage it.
Carlos
"Albrechtas, Adam" <[EMAIL PROTECTED]> con fecha 23/06/2000 11:37:25
Destinatarios: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
CC: (cci: Carlos Moran/LAG/LSR/LAR/CPC)
Asunto: RE: Absurdity Continues
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I would say it has nothing to do with HR since it is strictly a
computer security issue (or even a QoS, at a stretch). I guess it
all depends on who is ultimitely responsible for System Security,
Data Security, and QoS in your organization. It is my belief that HR
should have nothing to do with computer security since they rarely
(if ever) have any knowledge in the area.
- -----Original Message-----
From: D Clyde Williamson [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 23, 2000 10:14 AM
To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]'
Subject: Re: Absurdity Continues
"Norman R. Bottom" wrote:
>
> RE: "Turn It Over To Human Resources"
>
> In difficult matters, fathers say, "See your Mother." Some firewall
> folks say, "Turn it over to HR.." What a joke ! Anyone who has been
> involved with security for a year or two, knows that Human
> Resources is not a friend to good security. Period. :->
>
> Blessings,
>
> Norman
Dealing with what employees do during office hours is not a security
matter. Unless, of course,
they're stealing data or cracking servers. If it is against HR policy
for users to look at certain
types of material on the Internet, then it is HR's responsibility to
deal with that policy.
If your HR dept is not helping you with *security* matters. Then you
need to get that fixed.
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOVN3DdTbJ7zCVqawEQLpfQCfU+3KgWK6ykAUlD3G8WRM89u2ioQAoOpC
29WG3L9aOsE5eX8Aolfm9ufG
=OKT7
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
"E-mail Server" made the following
annotations on 06/23/00 10:46:56
------------------------------------------------------------------------------
Bestfoods is not responsible for the content of incoming messages which may
contain offensive or unauthorized material. Please contact 1-800-462-0562 if
this should happen.
==============================================================================
"E-mail Server" made the following
annotations on 06/23/00 11:05:38
------------------------------------------------------------------------------
May contain confidential and trade secret information of Bestfoods, and may be subject
to the Economic Espionage Act of 1996. For recipient's use only. If you have received
this message in error, please delete immediately, and alert the sender.
==============================================================================
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
