Benjamin Scott said:
>On Wed, 23 May 2001, Jeffry Smith wrote:
>> Yep. The instant someone (CIO level, preferably, but definitely in the
>> managment chaing) gets fired for NOT implementing the kind of security
>> that's possible is when you will see things change.
>
> Except it isn't the managers that get fired. The admins tell the PHBs they
>need time to work on security (or backups, or fault tolerance, or...).
The
>PHBs say no, work on something else. They get hacked. The admins are
fired
>for not doing their job. The new admins tell the PHBs they need time to
work
>on security. The PHBs say no...
That's why I said what I said. The culture has to change to hold the
managers accountable for not providing resources to the admins. When THAT
happens is when we'll see changes. How to make that happen? By clearly
documenting the costs / benefits / risks, and making certain the PHB's
bosses know the problem could have been prevented (technical), but did not
get the resources (management), and that management KNEW that it could
have been prevented.
Of course, it also means work on changing management perception without
directly saying they're PHB's. People don't take criticism well, and get
defensive.
No easy solution, alas.
jeff
-----------------------------------------------------------------------
Jeffry Smith Technical Sales Consultant Mission Critical Linux
[EMAIL PROTECTED] phone:603.930.9739 fax:978.446.9470
-----------------------------------------------------------------------
Thought for today: time sink n.
[poss. by analogy with `heat sink' or
`current sink'] A project that consumes unbounded amounts of
time.
>
>--
>Ben Scott <[EMAIL PROTECTED]>
>| The opinions expressed in this message are those of the author and do
not |
>| necessarily represent the views or policy of any other person, entity
or |
>| organization. All information is provided without warranty of any
kind. |
>
>
>**********************************************************
>To unsubscribe from this list, send mail to
>[EMAIL PROTECTED] with the following text in the
>*body* (*not* the subject line) of the letter:
>unsubscribe gnhlug
>**********************************************************
>
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
