Actually, I am used to doing it myself. But then, I may be one of the
professionals that you mention that you depend on to do it for you. This
is quite normal and typical. Most companies have a person or group that
is responsible for security. If that person or group is two years
behind, then there is a major problem. That problem is either with the
person or group being unqualified, in which case, management didn't make
a very good choice in it's hiring, or the problem is with poor
management. I have seen both, and both are fairly common. All too often,
people get hired as a security professional when they really don't know
what they are doing, and management doesn't want to spend the time and
money to get them the training that they need. The other common
occurrence is that a company hires qualified security professionals, but
they soon realize that the security measures that they are told they
need to take are inconvenient, so management makes poor decisions based
on convenience and upfront cost. The long-term costs of a potential
intrusion are often overlooked because the normal managerial approach to
security is reactionary. The major lesson that I learned in the
financial industry was "security at all cost" because there is nothing
more expensive than a bad reputation or loss of consumer trust. The
lesson that I learned about smaller companies is that up front cost is
everything. Kinda makes you wonder how small companies ever become big
companies ;-)
Kenny
Tom Rauschenbach wrote:
>
> Or maybe like me you're used to having professionals handle this and when you
> have to do it yourself you discover 1) you don't know what you're doing and 2)
> it's hard to do it well.
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
