-----------------------<snip>-------------------
You are fortunate.
The audits I worry about are coming in waves from the outside. There is little or no opportunity to form a partnership. Even when you accomplish that, there is a whole new set next time.
To be fair, most of their points are well taken. You have to admit that any time data flows in the open is something of an exposure.
Trying to stay up with business needs while trying to guess what will be an
issue is, well, interesting ;-)
-----------------------<unsnip>--------------------
Our criteria were simple: do we care if it appears on the front page of
the paper tomorrow? If not, don't bother with securing it. Some things,
like futures delivery dates, options expiration dates, etc. were public
anyway, so why waste the cycles encrypting them. Other data, like
traders' positions, were highly sensitive and were treated by national
defense secrets. So we knew that auditors had to know the business, as
well as IT security practices.
Sometimes you're the dog; sometimes you're the hydrant. :-)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
