Pretty much true, but the question was "Are Online Security Services that charges lots of money really worth it?" not whatever you were answering. _______________________ The opinions expressed above are my own. The facts simply are and belong to none. James W. Meritt, CISSP, CISA Senior Secure Systems Engineer at Wang Government Services, Inc. > -----Original Message----- > From: mouss [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 23, 2000 3:01 PM > To: Meritt, Jim; '[EMAIL PROTECTED]'; Meritt, Jim; > [EMAIL PROTECTED] > Subject: RE: hacker hiring (was RE: Online Security Services and > Continuou s Risk Management > > > This is true in an ideal world, however: > > - customers are "stupid" (not that these are supid people, > but they may be > considered > as stupid customers, in the sense that you can sell them > poducts using an > irrational approach). > > - companies are not trying to maximize their situation, but > only to make it > better > (there's a difference here) > > - there is no effective way to judge people. you can only > ask'em questions, > hear'em > talking, ... you can't get inside their brain. > > so, the tree components (customer, company, employee) of the > system can > hrdly follow > any rational model. Knowing that, you can hardly expect that > any of these > components > will follow a rational process.... > > > you can hire a "hacker" if you "feel" it. It's the same as > the decision you > take > when you see a girl/boy in a party. you might get excited and > think she/he > should > be in your bed that night. Discovering later that she/he "was > not the one" > is an > event that you could hardly predict.... > After all, you can only get "performance" if you abandon > "robustness". If > there is > no risk, there is no reason to get paid... > > > > mouss > > > > At 11:46 23/08/00 -0400, Meritt, Jim wrote: > >IF (a big "if"): > >1. You can trust them with your entire being (say, you > AREN'T "secure" and > >they find out exactly how and where you are most vulnerable) > >2. They are as good as you think. > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
