To sum it all up... 1 giant catch-22. You are damned if you do and you are damned if you do not.
--l

On Thu, 2005-12-29 at 16:35 -0500, bkfsec wrote:
> Leif Ericksen wrote:
>
> >It comes back to ignorance of the law is no excuse.
>
> Ahh, but there's a BIG difference between willful or unwillful ignorance
> and intentional ignorance.
>
> It's one thing to not know a law that you should know; it's a completely
> different thing to be blocked from knowing the law and expected to
> respect it.
>
> For instance, in securing networks, corporate security personnel in the
> United States should be familiar with Sarbanes-Oxley and the like, at
> least in passing. Compliance is expected because compliance can be
> tested. Not being aware of the requirements of Sarbanes-Oxley is not an
> excuse because the law is readily available and transparent. However,
> if the government passed Sarbanes-Oxley and then turned around and said
> "But for security reasons, the requirements are classified and even the
> judges can't see them without clearance..." that would be different.
>
> How can you guarantee compliance with a behavior when you don't have
> access to the standard?
>
> This is no different than any other standard of behavior. If people are
> not allowed to know the laws, they have no way to verify their
> complicity with them. I respectfully submit that the situations are
> different in their entirety and that in the case of a classified law,
> ignorance is intentionally created as a function of the creation of the law.
>
> Such things cannot simply be written off.
>
> -bkfsec

--
Leif Ericksen <[EMAIL PROTECTED]>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
