Richard Soule said:
>
>
>Derek Martin wrote:
>[SNIP]
>> Reality: Companies are almost always less interested in security than
>> in productivity.
>[SNIP]
>
>It sounds to me like a case should be made that good security = good
>productivity. How 'unproductive' is the WHOLE company when the network
>goes down because of an attack? How 'unproductive' is the loss of a
>single deal because of a virus? (Where I work deals can be 20 to 30
>Million... one lost deal because a silly sales rep gave the potential
>customer a virus could be huge!).
No argument that a whole company down can be very unproductive.
Unfortunately, from a management standpoint, they look at the immediate
cost (effort), vs the potential of being down. And, of course, if
anything happens "we know who to call" (which, unfortunately gets them
nothing but the ability to point to someone else). Then, there's the fact
that they seem to be conditioned to accept "that's the way things are."
Now is the time to start pressing what you state as reasons to move to
Linux - with the point that that's (virii, et al) NOT the way things have
to be. And, putting together business cases that show in ROI that the
cost is worth it. And that it's NOT a technical issue, but a management
issue.
>
>Make the case that it is management's responsibility to provide the
>time/resources for good security and MANAGEMENT is responsible for the
>downtime when it happens.
Yep. The instant someone (CIO level, preferably, but definitely in the managment
chaing) gets fired for NOT implementing the kind of security that's possible is when
you will see things change.
jeff
-----------------------------------------------------------------------
Jeffry Smith Technical Sales Consultant Mission Critical Linux
[EMAIL PROTECTED] phone:603.930.9739 fax:978.446.9470
-----------------------------------------------------------------------
Thought for today: time sink n.
[poss. by analogy with `heat sink' or
`current sink'] A project that consumes unbounded amounts of
time.
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
