John Gilmore wrote:

>I am sure that outsourced security varies in quality and effectiveness, as
>does perforce 'outsourced' auditing.

True.

>Exclusive preoccupation with security seems to lead ineluctably to rigid,
>rote, highly standardized measures that make systems increasingly awkward and
>unworkable without in fact making them more secure.

Aka 'red tape'. I hate it. My opinion.

>I have never met a fulltime computer-security person for a mainframe shop who
>really knew much about the operating system he or she was attempting to
>defend. Moreover, I have never met a highly competent z/OS or z/VM systems
>programmer who was willing to devote herself or himself exclusively to
>security for a single shop.

I have started as a junior programmer, worked my way up to be a fulltime MVS/XA, OS/390 system programmer responsible for the operating system. I was also a storage admin amongst other duties like assisting users with languages including Assembler. Now, I'm exclusively on RACF and security, while still assisting other teams on an as-needed basis.

Granted, you have never met me personally (good thing? ;-D hehehe), but I'm sure many IBM-MAIN members have done multiple roles and excelled in whatever role they're fulfilling.

Mind you, many IBM-MAIN members are contractors, just like you if I remember correctly. You take up what is given to you. And fix whatever problems there are, including security.

But you forget about security of the network too. You need security on M/F and also on network, thus 2 teams doing their own work. But for myself, I have NEVER met a network person who is ONLY with security. Did you meet such a [network] person?

>There is a severe, all but sui generis paucity of both talent and long
>experience with the target operating system among these security people; and
>it is not at all clear how these deficiencies can be remedied.

True. Remedies can only be done with buy-in of the management of the data centre.

>Part-time attention to security by a few talented, appropriately experienced
>people is all but certain to be much more effective than that given to it by a
>much larger group of dedicated mediocrities; but this notion is unpalatable to
>many CIOs for the obvious reason.

Yes! Here I agree with you! You are a sharp observer! ;-)

Groete / Greetings
Elardus Engelbrecht
